But this hack works on virtually every modern car out there…
Out of all the mainstream car brands on the market, we hear of thieves stealing Teslas less than pretty much anything. In the past, the American automaker has taken its cars to hacking competitions, asking participants to defeat its security systems, allowing the company to make software changes that are pushed out through over-the-air updates, closing up any loopholes. That’s why we were shocked to hear a security firm based in the UK claims it exploited a security flaw in the Tesla Model S and Model Y, allowing it to unlock and start the electric vehicles without the key fob nearby.
Watch the latest Motorious Podcast here.
This hack was demonstrated for The Telegraph by Sultan Qasim Khan, principal security consultant for NCC Group, on camera. A relay device is used to capture the key fob or owner’s phone’s signal, relaying it to a computer near the vehicle. We’ve seen this tactic used for just about every car with keyless entry. Still, this certainly is a concerning revelation. Khan did state it can be performed on many other cars as well as smart house locks, smartphones, and laptops among other products. Without being specific, he claimed to have performed the same hacking attack on several other automaker’s cars as well as numerous devices.
To gain access to the Teslas and start up the electric motor(s) Khan says he exploits the Bluetooth Low Energy protocol. According to the Bluetooth SIG website, BLE helps conserve device power versus Bluetooth Classic. The technology has been on the market since 2010 and has been used heavily in the Internet of Things segment of the market.
So far, there are no recorded incidents of thieves using an attack like this to gain access to a car, home, or any device. However, Khan claims he let Tesla know about the risk and didn’t receive any affirmative response. He also claims to fix this security flaw, Tesla needs to change its hardware, not just the software.
One can fairly ask why Khan demonstrated this hack only on Tesla vehicles, especially since he claims it works on many other cars. Also, why didn’t he hack some electronics on camera? It seems odd, but the Tesla brand seems to be singled out in this demonstration, which can’t be coincidence.
Source: The Telegraph
Photos via Tesla