A security consultant has been able to demonstrate a Bluetooth Low Energy (BLE) protocol vulnerability that could allow hackers to unlock and steal a vehicle. The vulnerability was demonstrated on a Tesla, but could be applied to any vehicle with the same technology.
According to Sultan Qasim Khan, principal security consultant at NCC Group, the vulnerability works by redirecting communication between the owner’s mobile phone or key fob, and the vehicle.
In a demonstration to Bloomberg, Khan used two small hardware devices that forward communications worth about $100 to conduct a relay attack that could work on a Tesla Model 3 or Model Y.
One relay device was placed within about 15 yards of the owner’s smartphone, while the other was plugged into Khan’s laptop running custom software designed on Bluetooth development kits that costs less than $50.
The relay attack fools the car into thinking the owner was located nearby. Once everything is setup, the attack can take less than 10 seconds according to Khan.
The vulnerability was disclosed to Tesla, but they reportedly didn’t deem it a significant risk. Khan explained that they would have change their hardware and keyless entry system in order to correct the vulnerability.
Bloomberg says there has been no evidence to indicate thieves have used this particular vulnerability to gain access to vehicles and steal them.