Tesla customers love the carmakers’ nifty keyless entry system, but a cybersecurity expert has demonstrated how the same technology could allow thieves to drive off with certain models of Tesla’s electric vehicles.
A hack effective on the Tesla Model 3 and Y cars would allow a thief to unlock a vehicle, start it and drive away, said Sultan Qasim Khan, security consultant at the Manchester, UK-based firm NCC Group.
By redirecting communications between a car owner’s mobile phone, or key fob, and the car, outsiders can fool the entry system into thinking the owner is located physically near the vehicle.
The hack, Khan said, isn’t specific to Tesla, though he demonstrated the technique to Bloomberg News on one of its car models. Rather, it’s the result of his tinkering with Tesla’s keyless entry system, which relies on what’s known as a Bluetooth Low Energy (BLE) protocol.
There’s no evidence that thieves have used the hack to improperly access Tesla vehicles. The carmaker didn’t respond to a request for comment. NCC provided details of its findings to its clients in a note on Sunday.
Tesla in April acknowledged that “relay attacks are known limitation of the passive entry system,” according to NCC Group.
Khan said he had disclosed the potential for attack to Tesla and that company officials didn’t deem the issue a significant risk. To fix it, the carmaker would need to alter its hardware and change its keyless entry system, Khan said. The revelation comes after another security researcher, David Colombo, revealed a way of hijacking some functions on Tesla vehicles, such as opening and closing doors and controlling music volume.
BLE protocol was designed to conveniently link devices together over the internet, though it’s also emerged as method that hackers exploit to unlock smart technologies including house locks, cars, phones and laptops, Khan said. NCC Group said it was able to conduct the attack on several other carmakers and technology companies’ devices.
Kwikset Corp. Kevo smart locks that use keyless systems with iPhone or Android phones are impacted by the same issue, Khan said. Kwikset said that customers who use an iPhone to access the lock can switch on two-factor authentication in lock app. A spokesperson also added that the iPhone-operated locks have a 30-second timeout, helping protect against intrusion.
