Hackers can steal your Tesla via Bluetooth

The lines between virtual and physical damage caused by cyberattacks are blurring even further after the discovery of a new method of stealing a Tesla car using Bluetooth technology.

A team of researchers from NCC Group has built a tool capable of mounting a Bluetooth Low Energy (BLE) relay attack, successfully bypassing all existing protections and authenticating to the target devices.

While this type of attack works in much the same way against all types of devices, from smartphones to smart locks, the researchers chose a Tesla car as their target.

Successful experiment

Simply put, the attack works by placing the attacker between the legitimate Bluetooth transmitter and receiver devices. This way, the attacker can manipulate the data entering the receiving device (in this particular case, the Tesla car).

The only challenge with this method is that the attacker must be in relative proximity to the victim and the target device.

As an experiment, the researchers used a 2020 Tesla Model 3 and an iPhone 13 mini running version 4.6.1-891 of the Tesla app. They used two relays, one located seven meters from the phone and the other three meters from the car. The total distance between the phone and the car was 25 meters. The experiment was a success.

“NCC Group was able to use this newly developed relay attack tool to unlock and operate the vehicle while the iPhone was outside of the vehicle’s BLE range,” the researchers concluded.

Later, the team successfully conducted the same experiment on a 2021 Tesla Model Y.

After sharing the results with Tesla, the company said relay attacks were “a known limitation of the passive entry system.”

To defend against relay attacks, users can disable the passive entry system and switch to another authentication method, preferably one that requires user interaction. They should also enable the “PIN to Drive” function to ensure that no one can drive away with the vehicle, even if they manage to open it.

Via: BleepingComputer
