Researchers from the NCC Group have found that it’s possible to steal a Tesla Model 3 or Model Y through its Bluetooth Low Energy signal detection, and the vehicle’s phone-as-key unlock mechanism is to blame.
According to the report, the attack, classified as a ‘Relay Attack,’ not only works on Tesla vehicles, but also on smartphones, laptops, smart locks and a range of devices that employ the Bluetooth Low Energy (BLE) standard.
The hack typically requires a team of two, with one person situated near the targeted vehicle and the other in close proximity to the owner’s phone, which serves as the key to unlock the Tesla. Both attackers need an active internet connection to pass requests.
The attacker near the Tesla approaches the vehicle and impersonates the phone-as-key device, prompting the vehicle to send out an authentication request. The request is relayed to the second attacker, who then passes it to the vehicle owner’s device. The legitimate phone-as-key device passes the credentials to the attacker near it, who relays them to the attacker near the vehicle. Finally, the credentials are relayed to the car, prompting it to unlock.
It’s worth noting that the attack doesn’t necessarily need a team of two; a relaying device hidden somewhere near the vehicle owner’s authentication device is enough to complete the attack. The NCC Group experimented with the vulnerability on a 2020 Tesla Model 3 using an iPhone 13 mini.
“The NCC Group was able to use this newly developed relay attack tool to unlock and operate the vehicle while the iPhone was outside the BLE range of the vehicle. In the test setup, the iPhone was placed on the top floor at the far end of a home, approximately 25 metres away from the vehicle in the garage at ground level. The phone-side relaying device was positioned in a separate room from the iPhone, approximately 7 metres away from the phone. The vehicle-side relaying device was able to unlock the vehicle when placed within a radius of approximately 3 metres from the vehicle,” reads the report.
To avoid a similar attack on your vehicle, it’s recommended that you use the PIN-to-drive feature, which will prevent bad actors from driving your vehicle off even if they’re able to pull off a successful BLE attack.
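The relay flow and the PIN-to-drive recommendation described above, as a toy in-memory model added here (it is not NCC Group's tool or Tesla's actual protocol). The HMAC challenge-response, the class names and the PIN value are assumptions for illustration; the point is that a correct response proves possession of the key, not proximity, while the PIN gates driving separately.

```python
import hashlib
import hmac
import os

class PhoneKey:
    """Owner's phone: answers any challenge that reaches it."""
    def __init__(self, secret):
        self._secret = secret
    def respond(self, challenge):
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()

class Relay:
    """Forwards bytes unchanged in both directions; never learns the secret."""
    def __init__(self, far_end):
        self.far_end = far_end
        self.forwarded = 0
    def respond(self, challenge):
        self.forwarded += 1
        return self.far_end.respond(challenge)

class Car:
    def __init__(self, secret, drive_pin=None):
        self._secret = secret
        self._drive_pin = drive_pin      # None models PIN-to-drive disabled
        self.unlocked = False
    def try_unlock(self, nearby_device):
        challenge = os.urandom(16)       # fresh per attempt, so replay fails
        expected = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        answer = nearby_device.respond(challenge) if nearby_device else b""
        self.unlocked = hmac.compare_digest(expected, answer)
        return self.unlocked
    def try_drive(self, entered_pin=None):
        if not self.unlocked:
            return False
        if self._drive_pin is None:
            return True
        return entered_pin is not None and hmac.compare_digest(self._drive_pin, entered_pin)

def simulate(drive_pin=None):
    """Return (unlock without relay, unlock via relay, drive without PIN)."""
    secret = os.urandom(32)              # constructed pairing secret
    phone, car = PhoneKey(secret), Car(secret, drive_pin)
    out_of_range = car.try_unlock(None)  # phone out of BLE range, nothing answers
    relay = Relay(Relay(phone))          # vehicle-side -> phone-side -> phone
    relayed = car.try_unlock(relay)      # response is genuine, so the car accepts
    drove = car.try_drive()              # relay operator has no PIN to enter
    return out_of_range, relayed, drove
```

With PIN-to-drive enabled the relayed unlock still succeeds in this model; only the drive step is blocked, which matches the scope of the recommendation above.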
Learn more about the vulnerability here.
Image credit: The Telegraph