Tesla cars are, by current standards, some of the most modern electric vehicles.
They benefit from features that give its owners the ability to unlock their vehicle with either a touch of their special card or their smartphone. However, given its virtually completely electronic nature, it has repeatedly been proven that Tesla is not completely free of being hacked and hacked.
At the heart of these hacks is the only wireless feature that is becoming increasingly difficult to live without: Bluetooth connectivity.
It’s not even a mistake
To demonstrate how easy it is for a hacker to break into a Tesla, a researcher named Sultan Qasim Khan from security firm NCC Group has devised a hack that allows him to unlock millions of Tesla – along with other a few Bluetooth-enabled devices – even when the card or phone you’re connected to is hundreds of miles away. Kicker here, says Khan, is that the process simply requires some creative coding and hardware worth about $ 100.
The method is known as a relay attack, and in the simplest of descriptions, the process requires two attackers to be involved. According to Ars Technica, the first attacker (A) will have to be in close proximity to Tesla, while the second (B) will need to be in the immediate vicinity of the car owner and the phone. To unlock the vehicle. Both the first and the second attacker must have an open internet connection, obviously, so that the data can be transferred between them.
Once the scene is ready, Attacker 1 will continue to use its own Bluetooth-enabled device to send a signal to the vehicle, while usurping the phone owner’s phone identity. This will then prompt Tesla to respond with a request for authentication, at which point A send the request to B, which in turn continues to send that request to the authentication phone. From there, the owner’s phones answer with the appropriate credentials, which are then sent back to the first attacker through his accomplices.
Again, this is just one of the many examples where hackers can gain access to a Tesla, but even more frightening: this is a feature of Bluetooth Low-Energy (BLE) and not an error. Sometimes hackers don’t even have to work as a team to carry out such an attack. Sometimes all you need to do is prepare in advance, after determining the location of a Tesla, you could plant relay devices in and around the car. Then, when the car is within Bluetooth range, the whole process explained above can be repeated without a second human attacker.
One solution to this problem, says NCC Group, is for Tesla owners to completely disable the feature. Another solution, they said, is to add a PIN to the authentication process for an extra layer of security, as well as set time limits on the login system if the phone or key has been idle for more than a minute.