Tesla customers love the carmakersโ nifty keyless entry system, but a cybersecurity expert has demonstrated how the same technology could allow thieves to drive off with certain models of Tesla’s electric vehicles.
A hack effective on the Tesla Model 3 and Y cars would allow a thief to unlock a vehicle, start it and drive away, said Sultan Qasim Khan, security consultant at the Manchester, UK-based firm NCC Group.
By redirecting communications between a car ownerโs mobile phone, or key fob, and the car, outsiders can fool the entry system into thinking the owner is located physically near the vehicle.
The hack, Khan said, isnโt specific to Tesla, though he demonstrated the technique to Bloomberg News on one of its car models. Rather, itโs the result of his tinkering with Teslaโs keyless entry system, which relies on whatโs known as a Bluetooth Low Energy (BLE) protocol.
Thereโs no evidence that thieves have used the hack to improperly access Tesla vehicles. The carmaker didnโt respond to a request for comment. NCC provided details of its findings to its clients in a note on Sunday.
Tesla in April acknowledged that โrelay attacks are known limitation of the passive entry system,โ according to NCC Group.
Khan said he had disclosed the potential for attack to Tesla and that company officials didnโt deem the issue a significant risk. To fix it, the carmaker would need to alter its hardware and change its keyless entry system, Khan said. The revelation comes after another security researcher, David Colombo, revealed a way of hijacking some functions on Tesla vehicles, such as opening and closing doors and controlling music volume.
BLE protocol was designed to conveniently link devices together over the internet, though itโs also emerged as method that hackers exploit to unlock smart technologies including house locks, cars, phones and laptops, Khan said. NCC Group said it was able to conduct the attack on several other carmakers and technology companiesโ devices.
Kwikset Corp. Kevo smart locks that use keyless systems with iPhone or Android phones are impacted by the same issue, Khan said. Kwikset said that customers who use an iPhone to access the lock can switch on two-factor authentication in lock app. A spokesperson also added that the iPhone-operated locks have a 30-second timeout, helping protect against intrusion.
