Researchers have demonstrated a new attack that can remotely open and close some vehicles.

The entry system that allows drivers with the app or key to unlock and operate their car from nearby is vulnerable. Most devices and vehicles that rely on this kind of proximity-based authentication are designed to use encryption to protect against a range of relay attacks, which typically work by capturing the radio signal used for unlocking a vehicle, for example, and replaying it as if it were an authentic request.

Researchers at the U.K.-based NCC Group say they have developed a tool for conducting a new type of BLE link-layer relay attack that can be used to remotely open and operate vehicles.

Sultan Qasim Khan, a senior security consultant at the NCC Group, said in a post that it tested the attack against the 2020 Model 3 using an older version of the Tesla app. The researchers said that the device was placed 25 meters away from the vehicle. The researchers were able to open the vehicle using the tool. The experiment was successfully replicated on the Model Y.

While the attack was demonstrated against a car, Khan notes that any car that uses BLE could be vulnerable to this attack. The attack could be used against the Weiser Kevo line of smart locks, which support BLE passive entry through their touch-to-open function.

Khan can be seen in the video walking up to the Model Y with a laptop and a relay device in his hand, which he can use to open the door.

According to our research, systems that people rely on to guard their cars, homes, and private data are using off-the-shelf hardware that can be easily broken.

The industry group that oversees the development of the standard acknowledged the issue but said that relay attacks were a known problem. Relay attacks are a known limitation of the passive entry system. The company did not reply to the request for comment. The public relations team at Tesla was scrapped in 2020.

The BLE relay attacks need to be included in the documentation for proximity authentication systems.

The researchers encourage using the PIN to Drive feature, which requires a four-digit PIN to be entered before the vehicle can be driven, and disabling the passive entry system in the mobile app.

The company is known for security flaws. A 19-year-old security researcher said he was able to remotely access dozens of Teslas around the world because of security bugs found in an open source logging tool popular with Tesla owners.
