While Tesla users particularly appreciate the automaker’s ingenious and ultra-convenient keyless entry system, Sultan Qasim Khan, cybersecurity researcher at the NCC Group, recently exposed one of the biggest flaws in this technology across the world. hacking a Tesla.
For brand users You’re herethe keyless entry and start system of their electric vehicle is without a doubt the comfort option that they would not abandon for anything in the world. The problem is that while this technology offers maximum ease of use, it is above all very easy to defeat. And that’s what Sultan Qasim Khan has to prove. This by demonstrating the hacking of the Tesla Model 3 and Y.
Generally speaking, the hack is not complicated at all. Indeed, as the car permanently emits a presence signal intended for the contactless key via the BLE technologysimply redirect the signal through a loophole in the data link layer to spoof the signal from the original owner and trick entry system.
Clearly, the hacker will convince the Bluetooth receiver that all proximity conditions are met. Once done, it will cause the sending of unlock messages. This will allow thieves to open and leave with the car, without any break-in. And this feat only takes 10 seconds.
Note that this type of hacking nevertheless requires a certain level of skill.
An endless list of vulnerable products
The type of demonstration carried out by Khan is not new. And neither does this kind of hacking. Indeed, for years, cybersecurity specialists have repeatedly demonstrated the vulnerability of keyless systems. And it’s not just about cars. In fact, any product with BLE technology is susceptible to relay attack.
The NCC Group researcher notably conducted relay attacks against a wide range of devices in order to test their resistance. To cite only:
- Cars with electronic unlocking
- Laptops with Bluetooth unlock
- Kwikset Kevo Smart Locks
- Building access control systems
- Medical Patient Asset Tracking
Tesla hack: no change planned at Tesla
Although Khan revealed the flaw in the contactless key system to Tesla, the firm does not consider it a major risk. In fact, even if the keys of Tesla Models 3 and Y can be hacked, being able to open the car does not mean being able to start it. Besides, there is no evidence that shows that hackers have ever used this type of hack. to bypass vehicles of the brand.
Moreover, as this flaw directly affects the components, no update is possible. To make its system as secure as possible, Tesla would therefore have to modify its hardware and permanent change of its keyless entry system. Chise she hasn’t planned yet.