The cybersecurity researcher noted that Tesla’s keyless entry system is based on the Bluetooth Low Energy (BLE) protocol.
While Tesla’s keyless entry system may be one of the most convenient features, it also has a loophole. A cybersecurity researcher has demonstrated to Bloomberg how technology can be compromised by allowing thieves to unlock and leave with some models of electric vehicles from Tesla. According to Sultan Qasim Khan, chief security consultant at the NCC Group security firm, hackers can redirect communication between a car owner’s mobile phone or keychain and a car, especially in the case of Tesla Model 3 and model Y.
Unauthorized persons may deceive the keyless entry system by thinking that the owner is physically close to the vehicle. Khan, however, clarified that the hacking was not related to Tesla, but he demonstrated hacking on one of Tesla’s car models. He said the result of his work with Tesla’s keyless entry system is based on the Bluetooth Low Energy (BLE) protocol.
However, there is no evidence that the thieves actually used the hack for improper access to Tesla cars. The researcher also noted that to fix this problem, the car manufacturer will need to change the equipment and change the keyless entry system. The discovery came after another safety researcher, David Colombo, revealed a way to capture some features on Tesla cars, such as opening and closing doors and controlling music volume.
During the demonstration, Bloomberg Khan conducted a so-called relay attack in which a hacker uses two small hardware devices to transmit communications. To unlock the car, he placed one relay device about 15 meters from the Tesla owner’s smartphone or keychain, and another connected to his laptop, next to the car.
The technology used custom computer code that Khan developed for Bluetooth development kits that sold less than $ 50 online. The necessary hardware, in addition to the custom software, costs about $ 100 and can also be easily purchased online.
Date of first publication: 7:25 AM IST on May 17, 2022