The boundary between virtual and physical damage from cyber attacks has blurred further with the discovery of a new method of stealing a Tesla car using Bluetooth technology.
A team of researchers from the NCC Group has created a tool capable of mounting a Bluetooth Low Energy (BLE) relay attack, successfully bypassing all existing protections and authentication at target endpoints.
Although this type of attack works almost the same way on all types of devices, from smartphones to smart locks, the researchers chose a Tesla car.
A successful experiment
In lay terms, the attack works by placing the attacker between the legitimate sending device and the Bluetooth receiver. From that position, the attacker can manipulate the data coming into the receiving device (in this case, a Tesla car).
The only problem with this method is that the attacker must be in relative proximity to both the victim and the target device.
As an experiment, the researchers used a 2020 Tesla Model 3 and an iPhone 13 mini running version 4.6.1-891 of the Tesla app. They used two repeaters, one seven meters from the phone and the other three meters from the car. The total distance between the phone and the car was 25 meters. The experiment succeeded.
“NCC Group was able to use this newly developed relay attack tool to unlock and control the car while the iPhone was out of the car’s BLE range,” the researchers concluded.
The team later successfully conducted a similar experiment on a 2021 Tesla Model Y.
When NCC Group shared its findings with Tesla, the company said that relay attacks were a “known limitation of the passive entry system”.
To protect against relay attacks, users can disable the passive entry system and switch to an alternative authentication method, preferably one that requires user interaction. They should also use the “PIN to control” function to make sure that no one can leave with the vehicle, even if they successfully open it.
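The following model is an added example, not NCC Group's tool and not Tesla's actual protocol. It shows why authentication alone does not stop a relay and how the two mitigations above change the outcome. The HMAC challenge-response, the class names and the PIN value are assumptions made for illustration.

```python
import hashlib
import hmac
import os

KEY = os.urandom(32)  # constructed secret shared by the phone key and the car

class Phone:
    def __init__(self, key, require_tap=False):
        self.key, self.require_tap = key, require_tap

    def respond(self, challenge, user_tapped=False):
        # Passive entry answers any challenge; interactive mode waits for the owner.
        if self.require_tap and not user_tapped:
            return None
        return hmac.new(self.key, challenge, hashlib.sha256).digest()

class Relay:
    """Carries bytes between car and distant phone unchanged; holds no key."""
    def __init__(self, phone):
        self.phone = phone

    def respond(self, challenge):
        return self.phone.respond(challenge)  # the owner is not present to tap

class Car:
    def __init__(self, key, pin=None):
        self.key, self.pin, self.unlocked = key, pin, False

    def try_unlock(self, link):
        challenge = os.urandom(16)
        answer = link.respond(challenge)
        expected = hmac.new(self.key, challenge, hashlib.sha256).digest()
        # A valid answer proves key possession, not physical proximity.
        self.unlocked = answer is not None and hmac.compare_digest(answer, expected)
        return self.unlocked

    def try_drive(self, entered_pin=None):
        if not self.unlocked:
            return False
        return self.pin is None or (
            entered_pin is not None and hmac.compare_digest(entered_pin, self.pin))

def scenarios():
    car, pin_car = Car(KEY), Car(KEY, pin="4821")  # constructed PIN
    return {
        "passive_unlock": car.try_unlock(Relay(Phone(KEY))),
        "passive_drive": car.try_drive(),
        "interactive_unlock": Car(KEY).try_unlock(Relay(Phone(KEY, require_tap=True))),
        "pin_unlock": pin_car.try_unlock(Relay(Phone(KEY))),
        "pin_drive_without_pin": pin_car.try_drive(),
        "pin_drive_owner": pin_car.try_drive("4821"),
    }
```

In the passive case the relayed response verifies because it is the phone's genuine answer; requiring a tap blocks the unlock, and the PIN blocks driving even after a relayed unlock.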