Hacker Shows How to Remotely Unlock & Start Teslas!

Customers may appreciate Tesla Inc.'s convenient keyless entry system, but one cybersecurity hacker has shown how the same technology may allow crooks to steal specific Tesla models.

According to Sultan Qasim Khan, a lead security expert at Manchester, UK-based security firm NCC Group, a hack effective on Tesla Model 3 and Y electric vehicles would let a burglar unlock a vehicle, activate it, and race away. Hackers can trick the vehicle’s entry system into believing the owner is actually nearby by diverting connections between the owner’s phone or key fob and the automobile.

Khan claims that the hack isn’t unique to Tesla, but he did show the technique on one of the company’s vehicles. It’s actually the result of his experience with Tesla’s keyless entry system, which uses the Bluetooth Low Energy (BLE) protocol.

There’s no proof that the breach was exploited to gain unauthorized access to Tesla automobiles. A request for information from the automaker was not returned. According to an NCC official, the company sent a memo to its clients on Sunday detailing its findings.

Khan stated that he informed Tesla about the possibility of a cyber-attack, but the company's management did not believe the threat was severe. According to Khan, the company would have to upgrade its hardware and keyless entry technology to remedy the problem. Another security researcher, David Colombo, recently revealed a means to control several functions in Tesla cars, including opening and closing doors and regulating music volume.

According to Khan, the BLE protocol was created to make it easier to connect gadgets over the internet, but it’s also become a means that hackers use to unlock smart technology such as house locks, vehicles, phones, and computers. The NCC Group said it was able to carry out the attack on the devices of many additional automakers and technology firms.

Sultan Qasim Khan Explains How Tesla's Keyless Entry System Could Allow Fraudsters to Steal Certain Tesla Models

The same problem affects Kwikset Corp.'s Kevo smart locks that employ keyless systems with iPhone or Android phones, Khan added. Customers who use an iPhone to access the lock may enable two-factor authentication in the lock app, according to Kwikset. The iPhone-operated locks also feature a 30-second timeout, according to a spokeswoman, which helps prevent infiltration.

The Kwikset Android app will be updated in the summer, according to the manufacturer.

The Bluetooth Special Interest Group (SIG) prioritizes security, and the specifications include a collection of features that provide product developers with the tools they need to secure communications between Bluetooth devices, a representative from Bluetooth SIG, the collective of companies that manages the technology, said.

The SIG also offers developers resources to help them implement the appropriate level of security in their Bluetooth products and a vulnerability response program that collaborates with the security research community to address vulnerabilities identified in Bluetooth specifications responsibly.

Khan is the developer of Sniffle, the first open-source Bluetooth 5 sniffer, and has discovered multiple vulnerabilities in NCC Group client products. Sniffers can follow Bluetooth signals and assist in device identification. Government highway authorities frequently employ them to anonymously monitor cars passing through metropolitan areas.

According to a 2019 investigation by Which?, a British consumer organization, over 200 automobile types are vulnerable to keyless theft, which uses similar but slightly different attack methods such as faking Wi-Fi or radio signals.

Khan demonstrated a so-called relay attack, in which a hacker uses two small hardware devices to forward messages. Khan placed one relay device within 15 yards of the Tesla owner's smartphone or key fob, and a second near the car, both linked to his laptop. Khan wrote custom code for Bluetooth development kits, which are available for less than $50 on the internet.

The required hardware, in addition to Khan's bespoke software, costs around $100 and can be easily obtained online. Khan claims the hack takes only 10 seconds after the relays are set up.

Sultan Qasim Khan said that if the owner's phone was at home, an attacker might go up to any home at night with a Bluetooth passive entry vehicle parked outside and use this attack to unlock and start the vehicle. He added that the hacker can send commands from anywhere in the world once the device is placed near the fob or phone.

The Telegraph | Hacking Group Demonstrates That Tesla Vehicles Can Be Unlocked Remotely By Relaying Bluetooth From The Phone