Hackers can steal your Tesla via Bluetooth

Scott Marlette

2 years ago

Hackers can steal your Tesla via Bluetooth

The lines between virtual and physical damage from cyberattacks are blurring even further after a new method of stealing a Tesla car using Bluetooth technology was uncovered.

A team of researchers from NCC Group built a tool that is capable of mounting a Bluetooth Low Energy (BLE) relay attack, successfully bypassing all existing protections and authenticating on target endpoints.

While this type of attack works pretty much the same on all kinds of devices, from smartphones to smart locks, researchers opted for a Tesla car.

Successful experiment

In layman’s terms, the attack works by squeezing the attacker in between the legitimate Bluetooth sender and receiver devices. That way, the attacker gets to manipulate the data going into the receiving device (in this particular case, the Tesla car).

The only challenge with this method is that the attacker needs to be in relative proximity to both the victim, and the target device.

As an experiment, the researchers used a 2020 Tesla Model 3, and an iPhone 13 mini, running version 4.6.1-891 of the Tesla app. They used two relay devices, one located seven meters away from the phone, and the other one located three meters from the car. The overall distance between the phone and the car was 25 meters. The experiment was a success.

“NCC Group was able to use this newly developed relay attack tool to unlock and operate the vehicle while the iPhone was outside the BLE range of the vehicle,” the researchers concluded.

Later, the team successfully conducted the same experiment on a 2021 Tesla Model Y.

After sharing the findings with Tesla, the company said relay attacks were “a known limitation of the passive entry system”.

To defend from relay attacks, users can disable the passive entry system and switch to an alternative method of authenticating, preferably one that requires user interaction. They should also use the “PIN to Drive” feature, to make sure no one can drive away with the vehicle, even if they successfully manage to open it.

Via: BleepingComputer

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – abuse@technewsboy.com. The content will be deleted within 24 hours.