- A security company has discovered a vulnerability in Bluetooth that is used by companies in many industries.
- The company was able to unlock and operate a Tesla without using a key.
- Cars, smart locks and laptops are all vulnerable to attacks, the company said.
A cybersecurity company discovered a vulnerability that hackers could exploit to unlock a Tesla and drive away.
The UK-based NCC Group says it has found security flaws in Bluetooth Low Energy (BLE), the technology many cars, including Tesla, use to detect when an owner is nearby and allow them to operate the vehicle. without turning a key. The company said millions of vehicles, smart home locks, laptops and other devices that use BLE for proximity verification are vulnerable to attacks.
“Our research shows that systems people rely on to monitor their cars, homes and private data are using
proximity verification mechanisms that can be easily broken with inexpensive out-of-the-box hardware,” NCC said in a press release Monday.
A useful part of owning a Tesla is that owners can download the automaker’s app to use their phone as a car key. It’s a nice benefit that exposes some Teslas to cyberattacks, NCC Group said. The company said it used a series of so-called relay devices to trick a 2020 Tesla Model 3 into thinking its owner’s phone was nearby, when in fact the phone was 25 meters away.
NCC Group was able to unlock and operate the Tesla even when the authorized iPhone was well out of BLE range. The company said it expects Model Y vehicles to be vulnerable to the same attack.
“What makes this powerful is not only that we can convince a Bluetooth device that we’re close – even hundreds of miles away – but that we can do it even if the vendor has taken defensive measures,” said NCC Group chief security advisor and researcher, Sultan Qasim Khan, who conducted this research.
NCC Group said it had notified Tesla’s security team of the vulnerability and that the automaker was aware of the issue.
Tesla did not immediately return a request for comment.
NCC Group said it could also use a relay attack to unlock a particular model of Kwikset smart lock. In a statement to Insider, a Kwikset spokesperson said enhanced security features, including two-factor authentication, protect against relay attacks.
In an emailed statement, the Bluetooth Special Interest Group, the association that oversees Bluetooth technology, said it “prioritizes security and its specifications include a set of features that provide product developers with the tools they need to between Bluetooth devices.” The group said it is educating developers about security vulnerabilities and is working to address vulnerabilities.