Hackers able to unlock Teslas remotely as thefts of keyless cars soar
TESLA owners have been warned that criminals can remotely unlock and steal their cars after hackers exposed a security flaw in the smartphone app which opens the doors.
Model 3 and Model Y vehicles are at risk from a vulnerability in the technology, which is powered by Bluetooth, which allows thieves to unlock a Tesla from 25 metres away. Teslas are only supposed to unlock if the owner’s mobile phone is within one metre of the vehicle, according to the carmaker.
NCC Group, a Manchester-based cyber security company, showed Tesla how a radio tool can capture the Bluetooth Low Energy (BLE) signal from an owner’s phone and rebroadcast it to their car.
This fools the car into thinking the owner is nearby and allows the doors to be unlocked.
NCC Group said: “Users should be educated about the risks of BLE relay attacks, and encouraged to use the PIN to Drive feature.”
The tool uses off-the-shelf components, NCC Group said, but it is not revealing precise details in case criminals try to copy it. Tesla’s Model 3 was the first mainstream production car to use BLE technology for keyless entry.
“In the test setup, the iphone was placed on the top floor at the far end of a home, approximately 25 metres away from the vehicle, which was in the garage at ground level,” said NCC Group researcher Sultan Qasim Khan.
Mr Khan’s replay tool was positioned around seven metres from the car, representing a criminal lurking outside the front door or in the street. The Model 3 used in the test was successfully unlocked as a result.
NCC Group said the attack should be possible against Tesla Model Ys based on that car using similar keyless technology to the Model S.
Previously BLE was thought to be secure against such thefts as its signals are encrypted and rely on signals being sent and received within specific time windows.
Mr Khan said that NCC’S BLE tool is able to receive and rebroadcast the signals so quickly that they bypass the timing-based security features.
Tesla did not immediately respond to a request for comment.
NCC Group said it had notified the carmaker of the flaw before going public with it.
Thefts of keyless cars now make up half of all stolen vehicles, according to data compiled by the car insurer LV= last year, despite the vehicles only accounting for 1pc of cars on Britain’s roads.