Research reveals that cars, homes, and personal data of those depending on Bluetooth proximity authentication mechanisms to protect their smart devices are at risk.
The IT security researchers at Manchester, England-based NCC Group have revealed startling details of a Bluetooth hack affecting Tesla Model 3 and Y. It is worth noting that vehicles from different automotive companies are also at risk; since Tesla is the talk of the town, the researchers singled out the company mainly to demonstrate the extent of the issue.
The exploit is specifically linked to Bluetooth Low Energy (BLE). Consequently, it impacts all those devices/vehicles that utilize it.
According to NCC Group’s technical advisory published on May 15th, the attack involves relaying the BLE signals from a smartphone already paired with a Tesla. Researchers revealed that this hack allows an attacker to unlock the vehicle door, start it and drive away.
For your information, BLE is a standard protocol used to share data between devices. Vehicles use it for proximity authentication to unlock their locks. Apart from vehicle locks, it is also used in residential smart locks, smartphone unlocking, commercial building control systems, laptops, smartwatches, etc.
In its blog post published on May 16th, NCC Group revealed that:
“We’ve conducted the world’s first link-layer relay attack on Bluetooth Low Energy (BLE), the standard protocol used for sharing data between devices that have been adopted by companies for proximity authentication to unlock millions of vehicles, residential smart locks, commercial building access control systems, smartphones, smartwatches, laptops and more.”
“Our research shows that systems that people rely on to guard their cars, homes, and private data are using Bluetooth proximity authentication mechanisms that can be easily broken with cheap off-the-shelf hardware — in effect, a car can be hacked from the other side of the world.”
“Cars with automotive keyless entry – an attacker can unlock, start and drive a vehicle. NCC Group has confirmed and disclosed a successful exploit of this for Tesla Models 3 and Y (over 2 million of which have been sold).”
How Does It Work?
Normally, the paired smartphone must be near the Tesla vehicle to unlock it. NCC researchers placed one gadget close to the paired smartphone and another close to the car. The gadget near the phone relayed the phone’s signals to the gadget near the car, which then forwarded them to the car to unlock and start it. This should never happen, since the car and the phone are far apart.
Researchers stated that, using this technique, an attacker standing close to the victim could easily unlock a Tesla with a relay gadget. The gadget would relay signals from the victim’s phone to the Tesla parked outside, where another attacker would use the other gadget to receive the signals, unlock the car and drive it away.
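The relay described above, as an added example that is not from NCC Group's advisory or Tesla's software: a toy challenge-response model in which the relay forwards bytes unchanged, so a key check alone still passes, shown next to a verifier that also bounds round-trip time. The HMAC exchange, the class names and the millisecond values are constructed assumptions, not the real BLE protocol or measured figures.

```python
import hashlib
import hmac
import os

def mac(key: bytes, challenge: bytes) -> bytes:
    return hmac.new(key, challenge, hashlib.sha256).digest()

class Phone:
    """Paired device holding the shared key (constructed stand-in)."""
    def __init__(self, key: bytes):
        self.key = key
    def exchange(self, challenge: bytes):
        # Returns (response, modelled round-trip in ms) for a phone in range.
        return mac(self.key, challenge), 5.0

class Relay:
    """Two gadgets forwarding frames unchanged. Holds no key, only adds delay."""
    def __init__(self, far_end, added_ms: float):
        self.far_end, self.added_ms = far_end, added_ms
    def exchange(self, challenge: bytes):
        response, rtt_ms = self.far_end.exchange(challenge)
        return response, rtt_ms + self.added_ms

class Car:
    def __init__(self, key: bytes, max_rtt_ms=None):
        self.key, self.max_rtt_ms = key, max_rtt_ms
    def try_unlock(self, link) -> str:
        challenge = os.urandom(16)  # fresh random challenge per attempt
        response, rtt_ms = link.exchange(challenge)
        if not hmac.compare_digest(response, mac(self.key, challenge)):
            return "reject: bad response"
        if self.max_rtt_ms is not None and rtt_ms > self.max_rtt_ms:
            return "reject: too slow"
        return "unlock"

def demo() -> dict:
    key = os.urandom(32)  # constructed pairing secret
    phone = Phone(key)
    relayed = Relay(phone, added_ms=40.0)  # constructed delay, not a measurement
    key_only, timed = Car(key), Car(key, max_rtt_ms=20.0)
    return {
        "key_only/direct": key_only.try_unlock(phone),
        "key_only/relayed": key_only.try_unlock(relayed),
        "timed/direct": timed.try_unlock(phone),
        "timed/relayed": timed.try_unlock(relayed),
        "timed/fast_relay": timed.try_unlock(Relay(phone, added_ms=10.0)),
        "key_only/wrong_key": key_only.try_unlock(Phone(os.urandom(32))),
    }
```

The key check cannot tell the two links apart because the relay never alters the bytes, and the timing bound helps only when it is tighter than the delay the relay adds.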