Tesla cars vulnerable to new type of Bluetooth remote unlock

A group of researchers claim that some Tesla vehicles are susceptible to a new relay attack that can remotely unlock the car.

1 minute & 52 seconds read time

A group of researchers from NCC Group in the UK has demonstrated a new way to break into Tesla vehicles.

The researchers explain that the security vulnerability can be pinpointed to the Bluetooth Low Energy (BLE) technology that is used to enter Tesla vehicles. The technology allows the driver to be authenticated when their key fob or app comes within a certain proximity of the car. The current system already comes with various safeguards, but NCC Group researchers have developed a new tool that is capable of bypassing these safeguards and remotely unlocking vehicles.

In a recent blog post by Sultan Qasim Khan, a senior security consultant at NCC Group, it's explained the researchers were able to successfully remotely unlock a 2020 Tesla Model 3 using an iPhone 13 mini that was running an outdated version of the Tesla app. The researchers explain that the iPhone was placed 27 yards away from the car, and two "relaying devices" were placed between the iPhone and the car. Combining the tool developed by the researchers and the relaying devices, they were able to successfully unlock the Tesla from a decent distance.

Notably, Tesla's aren't the only type of car vulnerable to this kind of attack as the researchers point out that any vehicle that uses Bluetooth Low Energy for its keyless entry system may also possess the same vulnerability.

"Testing on a 2020 Tesla Model 3 running software v11.0 (2022.8.2) with an iPhone 13 mini running version 4.6.1-891 of the Tesla app, NCC Group was able to use this newly developed relay attack tool to unlock and operate the vehicle while the iPhone was outside the BLE range of the vehicle. In the test setup, the iPhone was placed on the top floor at the far end of a home, approximately 25 metres away from the vehicle, which was in the garage at ground level.

The phone-side relaying device was positioned in a separate room from the iPhone, approximately 7 metres away from the phone. The vehicle-side relaying device was able to unlock the vehicle when within placed within a radius of approximately 3 metres from the vehicle.

NCC Group has not tested this relay attack against a Model Y or in conjunction with the optional Tesla Model 3/Y BLE key fob. However, based on the similarity of the technologies used, NCC Group expects the same type of relay attack would be possible against these targets, given the use of similar technologies," wrote the researchers.

Tesla cars vulnerable to new type of Bluetooth remote unlock 01
Buy at Amazon

NASA Actually It Is Rocket Science T-Shirt

TodayYesterday7 days ago30 days ago
* Prices last scanned on 12/7/2023 at 3:39 pm CST - prices may not be accurate, click links above for the latest price. We may earn an affiliate commission.

Jak joined the TweakTown team in 2017 and has since reviewed 100s of new tech products and kept us informed daily on the latest science, space, and artificial intelligence news. Jak's love for science, space, and technology, and, more specifically, PC gaming, began at 10 years old. It was the day his dad showed him how to play Age of Empires on an old Compaq PC. Ever since that day, Jak fell in love with games and the progression of the technology industry in all its forms. Instead of typical FPS, Jak holds a very special spot in his heart for RTS games.

Newsletter Subscription

Related Tags