A flaw in Bluetooth Low Energy (BLE) has just been exploited, with a very convincing demo. A group of researchers managed not only to unlock a Tesla Model 3 but also to start it.
Security researchers have demonstrated how easy it is to trick a Tesla into letting a thief sneak their way inside and even start the car, Bloomberg reports. Sultan Qasim Khan, a security consultant at NCC Group, demonstrated the technique, which involves redirecting communications between a Tesla owner’s smartphone or access card and the car.
During his demonstration, the researcher used two small devices capable of relaying wireless communications, which cost only about $100 in total and can easily be purchased online. The connection between the smartphone or card and the car is established using Bluetooth Low Energy (BLE). The protocol has been exploited many times in the past. In 2020, for example, researchers reported a flaw that makes it possible to tamper with information sent to a device, bypassing the authentication phase that is supposed to guarantee its authenticity.
In the case of Tesla, the researchers used a “link layer relay attack”. NCC Group specialists were able to unlock, start and drive cars, as well as unlock and open certain smart locks. More generally, the problem is not specific to Tesla: any vehicle that uses Bluetooth Low Energy (BLE) for its keyless system would be vulnerable to this attack.
Not easy to pull off
Rest assured, buying $100 worth of equipment is not enough. This exploit still requires the attacker to have access to the owner’s Bluetooth device or key fob/card. However, it is enough to cross paths with the owner of the Tesla and be close to them to exploit the flaw.
Thieves will have to work in tandem, one staying near the owner, the other near the car. A web-connected device then relays the signals, even if the owner is far from the vehicle. This exploit bypasses the usual protections against attacks, because it works at a low level of the Bluetooth protocol.
If your security system allows it, which is the case on Tesla cars, you must activate an additional authentication step. On Model 3 and Model Y, a PIN code (PIN to Drive) can be set up, which must then be entered before the vehicle can be started.
Tesla has been made aware of this security flaw and should be rolling out a fix soon. In the meantime, rest assured, it is unlikely that someone will exploit this flaw to steal your vehicle.