Tesla vehicles can be unlocked and operated using a new hacking method that employs Bluetooth Low Energy (BLE), according to a research paper by analysts at NCC Group, a global expert in cybersecurity and risk mitigation.
NCC created a tool for carrying out a new type of BLE relay attack that could be used on any devices that communicate over Bluetooth Low Energy. Researchers tested the attack on a 2020 Tesla Model 3 running software v11.0 (2022.8.2) with an iPhone 13 mini running version 4.6.1-891 of the Tesla app. Using the tool, NCC was able to unlock and operate the vehicle while the iPhone remained outside the BLE range of the car, the May 15 post said.
“In the test setup, the iPhone was placed on the top floor at the far end of a home, approximately 25 meters away from the vehicle, which was in the garage at ground level. The phone-side relaying device was positioned in a separate room from the iPhone, approximately 7 meters away from the phone,” according to the post.
The vehicle-side relaying device, which was placed within a radius of approximately 3 meters (9.8 feet) from the car, was able to unlock the vehicle.
NCC did not test the hack against Tesla’s Model Y, but since the technology used in the vehicle is similar to the Model 3, the group expects similar results.
“NCC Group discovered that relay attacks against the Model 3 remained effective with up to 80 ms of round trip latency artificially added beyond the base level of latency introduced by the relaying tool over a local Wi-Fi network,” said the report.
The analysis team believes that this latency margin is sufficient to conduct long-distance relay attacks over the internet. NCC did not test any long-distance attacks.
If an attacker were able to place a relaying device within the BLE signal range of a key fob or mobile phone that is authorized to access Tesla’s Model 3 or Y cars, they may be able to break into and operate the vehicle, NCC warned.
To avoid such situations, the group recommended that owners be educated about the risks of BLE attacks and recommended using the PIN to Drive feature. An option to disable passive entry can also be helpful.
The passive entry functionality in the mobile app should be disabled if the device has been stationary for more than a minute, NCC said.
In addition, the mobile app must report the device’s last known location during the authentication process with the vehicle. This can allow the car to detect and reject long-distance relay attacks.
In January, security researcher David Colombo had gained access to more than 20 Tesla vehicles in 10 nations. However, the hack was not due to existing vulnerabilities in Tesla vehicles, but due to the owners’ fault, he said in a Jan. 11 tweet.
Tesla executives did not respond to The Epoch Times’ request for comment during press time.