- A security company discovered a security flaw in Bluetooth used by companies in many industries.
- The firm was able to unlock a Tesla and operate it without using a key.
- Cars, smart locks and laptops are vulnerable to attacks, the company said.
A cybersecurity company discovered a vulnerability that hackers could exploit to unlock a Tesla and drive away.
UK-based NCC Group says it has found security flaws in Bluetooth Low Energy (BLE), the technology that many cars, including Tesla, use to detect when an owner is nearby and allow them to operate the vehicle without turning a key. . The company said that millions of vehicles, residential smart locks, laptops and other devices that use BLE for proximity authentication are vulnerable to attacks.
“Our research shows that the systems people rely on to protect their cars, homes and private data are using
proximity authentication mechanisms that can be easily cracked with cheap off-the-shelf hardware,” NCC said in a press release on Monday.
One convenient part of owning a Tesla is that owners can download the automaker’s app to use their phone as a car key. It’s a huge benefit that leaves some Teslas open to cyberattacks, NCC Group said. The company said it used a series of so-called relay devices to trick a 2020 Tesla Model 3 into thinking its owner’s phone was nearby, when in fact the phone was 25 meters away.
NCC Group was able to unlock and operate the Tesla even when the authorized iPhone was well outside the BLE range. The company said it expects Model Y vehicles to be vulnerable to the same attack.
“What makes this powerful is not only that we can convince a Bluetooth device that we are close to it, even hundreds of miles away, but that we can do it even when the provider has taken defensive mitigations,” said the consultant. NCC Group’s chief security officer. and the researcher, Sultan Qasim Khan, who conducted this research.
NCC Group said it notified Tesla’s security team about the vulnerability and the automaker said it was aware of the issue.
Tesla did not immediately respond to a request for comment.
NCC Group said it was also able to use a relay attack to unlock a particular model of Kwikset smart lock. In a statement to Insider, a Kwikset spokesperson said that enhanced security features, including two-factor authentication, protect against relay attacks.
In an emailed statement, the Bluetooth Special Interest Group, the association that oversees Bluetooth technology, said “it puts security first, and the specifications include a collection of features that give product developers the tools they need to secure communications. between Bluetooth devices”. The group said it educates developers about security risks and works to address vulnerabilities.