A new research paper showing a vulnerability with Bluetooth Low Energy (BLE) is being used to single out Tesla for potentially resulting in unlocking vehicles remotely.
Today, Tesla is in the news with headlines like “millions of Tesla vehicles vulnerable to hacking.”
These reports are coming up after a paper from the NCC Group came out exposing Bluetooth Low Energy (BLE):
We’ve conducted the world’s first link layer relay attack on Bluetooth Low Energy (BLE), the standard protocol used for sharing data between devices that has been adopted by companies for proximity authentication to unlock millions of vehicles, residential smart locks, commercial building access control systems, smartphones, smart watches, laptops and more.
As they wrote, this is a specific exploit related to BLE, and it affects virtually every device that uses the protocol, but the reason Tesla is being singled out is that they demonstrated the vulnerability in Tesla vehicles.
They wrote in the report:
Cars with automotive keyless entry – an attacker can unlock, start and drive a vehicle. NCC Group has confirmed and disclosed a successful exploit of this for Tesla Models 3 and Y (over 2 million of which have been sold).
They are describing a relay attack, which has been a known issue with every car using key fobs, and Tesla has moved to BLE key fobs in 2016. Thefts of Tesla vehicles are quite rare in North America, but in Europe, they have some more sophisticated thieves that managed a string of Tesla vehicle thefts through relay attacks, and most vehicles haven’t been recovered.
In response to those attacks, Tesla started rolling out extra layers of security with an “improved cryptography” key fob and optional “PIN to Drive” feature. These measures can be applied to greatly decrease the chances of your Tesla vehicle being stolen – even with this BLE vulnerability.
As we previously reported, Tesla has been heavily investing in cybersecurity, especially though having a good relationship with whitehat hackers. The automaker increased its max payout per reported bug to $15,000 in 2018, and it has ramped up its security team as well as its relationship with hackers through participation in hacking conferences.
Over the last few years, Tesla has brought its cars as targets in the popular Pwn2Own hacking competition.
Cybersecurity has been a top priority at Tesla. You can read more about it in our article: The Big Tesla Hack: A hacker gained control over the entire fleet, but fortunately he’s a good guy.
Subscribe to Electrek on YouTube for exclusive videos and subscribe to the podcast.
Author: Fred Lambert