NFC relay attack demonstrated on a Tesla Model Y, but it can happen to any car or device that uses Bluetooth tech

Credit: IOActive | YouTube

Security researchers have demonstrated an NFC (Near-Field Communication) relay attack, sharing a video in which a Tesla Model Y was stolen in a matter of seconds.

While using a Tesla vehicle makes for an eye-catching demonstration and subsequent headlines, the relay attack is not new and can be used against any car or device that uses Bluetooth technology.

According to the details of the attack shared with The Verge by Josep Pi Rodriguez, principal security consultant for IOActive, the relay attack only works if the attacker can get within 2 inches of the Tesla Key Card or of the owner’s mobile device that has been set up as a virtual key.

Using a pair of devices, the attackers can then replicate the signal used to unlock the vehicle, communicating through Bluetooth to send the signal, thereby allowing the perpetrator to get in and drive away.

Here is a video showing the relay attack in action.

However, as we mentioned, the attack is not really anything new and is a known vulnerability that exists across all NFC and Bluetooth authentication devices, including other cars and even Google Wallet and your tap-enabled debit and credit cards, according to a hardware and security expert who discussed the relay attack with us.

IOActive suggests Tesla could mitigate the problem by reducing the amount of time the NFC card can take to respond to the NFC reader in the car, currently set at 2 seconds.
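The effect of that response window can be modeled from the reader's side. The sketch below is an added example, not code from IOActive or Tesla: the HMAC challenge-response, the tightened window and all latency figures are constructed assumptions, and only the 2-second window comes from the article.

```python
import hashlib
import hmac
import os

PAGE_WINDOW_S = 2.0     # response window the article says the car currently allows
TIGHT_WINDOW_S = 0.05   # hypothetical tightened window (assumed value)

CARD_COMPUTE_S = 0.010  # constructed: time the card needs to compute its answer
NFC_HOP_S = 0.002       # constructed: one-way latency of a direct NFC exchange
RELAY_HOP_S = 0.150     # constructed: extra one-way latency added by a relay link


class Card:
    """Stand-in for the key card: answers a challenge with a keyed MAC (assumed protocol)."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


def exchange(card, challenge, relayed):
    """Return (response, simulated round-trip seconds) for one challenge."""
    one_way = NFC_HOP_S + (RELAY_HOP_S if relayed else 0.0)
    return card.respond(challenge), 2 * one_way + CARD_COMPUTE_S


def reader_accepts(card, key, window_s, relayed):
    """Reader-side check: the MAC must verify AND arrive inside the window."""
    challenge = os.urandom(16)
    response, elapsed = exchange(card, challenge, relayed)
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    mac_ok = hmac.compare_digest(response, expected)
    return mac_ok, mac_ok and elapsed <= window_s


def compare_windows():
    """Run direct and relayed exchanges against both windows."""
    key = os.urandom(32)
    card = Card(key)
    results = {}
    for name, window in (("page_2s", PAGE_WINDOW_S), ("tight", TIGHT_WINDOW_S)):
        for relayed in (False, True):
            results[(name, relayed)] = reader_accepts(card, key, window, relayed)
    return results


if __name__ == "__main__":
    for (name, relayed), (mac_ok, accepted) in compare_windows().items():
        print(f"window={name:8} relayed={relayed!s:5} mac_ok={mac_ok} accepted={accepted}")
```

The cryptographic check passes in every case because the genuine card computes the answer; only the elapsed time separates a direct tap from a relayed one, so the window has to be tight enough to exclude the relay's added latency while still covering the card's own processing time.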

According to our expert, another way to mitigate the problem is to enable multi-factor authentication (MFA), which Tesla already has in the form of PIN-to-drive.

This is likely why, when contacted about the vulnerability, Tesla decided not to fix it and instead suggested to IOActive that owners do just that and implement the PIN-to-drive function, which requires a 4-digit PIN to be entered on the main display before the car can be driven away. This is also something we have suggested several times before.

Rodriguez admitted in his interview that other automakers are vulnerable to this relay attack, but said Tesla was in a better position than others because of the ability to mitigate it by enabling PIN-to-drive. Unfortunately, this fact was left to the very last line in the article published by The Verge.

About the author: Darryn John, Founder and Editor-in-chief of Drive Tesla Canada