Tesla cars unlocked within seconds via Bluetooth hack; Researchers expose vulnerability

RahulNagaraj · 19th May 2022, 15:52

Sultan Qasim Khan, a researcher from the cybersecurity firm NCG Group has found a vulnerable flaw in the Bluetooth technology used to lock/unlock vehicles.

Tesla cars unlocked within seconds via Bluetooth hack; Researchers expose vulnerability-teslamodel3.jpg

Using the latest Tesla Model 3 & Model Y as examples, researchers demonstrated how easy it is to hack into the Bluetooth technology, unlock the car and drive away. The researchers used a relay device connected to a laptop, which mimics the signal of a trusted device and unlocks the car. However, researchers state that hackers could get into the system even remotely, without having to be present anywhere near the vehicle.

The technology in question is called Bluetooth Low Energy (BLE), which allows owners to unlock & operate their cars via their smartphones, when within a certain proximity range. The technology was never said to have been developed with security in mind, hence any "cheap off-the-shelf hardware" is sufficient to unlock a car using the BLE technology from anywhere in the world.

While Teslas were used to demonstrate the vulnerability, researchers state that the BLE technology is offered on millions of vehicles across the world. It is not just limited to cars but also tech such as smartwatches, laptops, smartphones, residential smart locks & many others.

The NCG Group criticizes those using the BLE tech for security systems, as it goes beyond its 'intended purposes'. However, the cybersecurity firm doesn't yet have a solution to the problem.

Source: Reuters

Link to Team-BHP news

Mr.Boss · 19th May 2022, 20:54

Something that is expected and with the technology of connected cars, it will be much more severe.

Studies and reports were flooding from yesteryears on this regard

https://www.trustonic.com/opinion/to...onnected-cars/

https://www.techuk.org/resource/comm...ne%20operation

https://www.diva-portal.org/smash/ge...FULLTEXT01.pdf

volkman10 · 20th May 2022, 14:06

NCC Group security expert Sultan Qasim Khan was able to hack and unlock the Tesla Model Y in just ten seconds. He did it with a laptop, a connected relay device and a little programming knowledge.

https://www.youtube.com/watch?v=HF-t...nnel=DanGoodin

darthvader001 · 21st May 2022, 00:10

To make this happen you need two BT devices, one near the owner's mobile and another near the car. But definitely a major security issue. The Automotive world woke up about the Cyber security when a Chrysler car was hacked few years and also a Jeep Cherokee.

To prevent this, there must have been an user input, for e.g. pin or fingerprint, in addition to the mobile proximity. Also to the proximity they should TOF checks. The user input should pop up on the mobile, this is like second level authentication (like password and OTP).

Knowing Tesla they can/will fix with a software update to car and mobile app. Other than this second level authentication there is no security patch from Bluetooth because the hack is within the spec as they're simply relaying BT signals. So no CVE patch.

clevermax · 21st May 2022, 06:50

I would put such a key in a Faraday cage fob pouch when not in use. That is the best way to deal with it until they come up with a solution or change the technology.

19th May 2022, 15:52	#1
RahulNagaraj Senior - BHPian Join Date: Mar 2021 Location: Bangalore Posts: 2,121 Thanked: 20,646 Times	Tesla cars unlocked within seconds via Bluetooth hack; Researchers expose vulnerability Sultan Qasim Khan, a researcher from the cybersecurity firm NCG Group has found a vulnerable flaw in the Bluetooth technology used to lock/unlock vehicles. Using the latest Tesla Model 3 & Model Y as examples, researchers demonstrated how easy it is to hack into the Bluetooth technology, unlock the car and drive away. The researchers used a relay device connected to a laptop, which mimics the signal of a trusted device and unlocks the car. However, researchers state that hackers could get into the system even remotely, without having to be present anywhere near the vehicle. The technology in question is called Bluetooth Low Energy (BLE), which allows owners to unlock & operate their cars via their smartphones, when within a certain proximity range. The technology was never said to have been developed with security in mind, hence any "cheap off-the-shelf hardware" is sufficient to unlock a car using the BLE technology from anywhere in the world. While Teslas were used to demonstrate the vulnerability, researchers state that the BLE technology is offered on millions of vehicles across the world. It is not just limited to cars but also tech such as smartwatches, laptops, smartphones, residential smart locks & many others. The NCG Group criticizes those using the BLE tech for security systems, as it goes beyond its 'intended purposes'. However, the cybersecurity firm doesn't yet have a solution to the problem. Source: Reuters Link to Team-BHP news
	(13) Thanks

19th May 2022, 20:54	#2
Mr.Boss Distinguished - BHPian Join Date: Mar 2011 Location: GPS signal lost Posts: 2,811 Thanked: 7,464 Times View My Garage	Re: Tesla cars unlocked within seconds via Bluetooth hack; Researchers expose vulnerability Something that is expected and with the technology of connected cars, it will be much more severe. Studies and reports were flooding from yesteryears on this regard https://www.trustonic.com/opinion/to...onnected-cars/ https://www.techuk.org/resource/comm...ne%20operation https://www.diva-portal.org/smash/ge...FULLTEXT01.pdf
	(3) Thanks

21st May 2022, 00:10	#4
darthvader001 BHPian Join Date: Dec 2021 Location: Bangalore Posts: 74 Thanked: 151 Times	Re: Tesla cars unlocked within seconds via Bluetooth hack; Researchers expose vulnerability To make this happen you need two BT devices, one near the owner's mobile and another near the car. But definitely a major security issue. The Automotive world woke up about the Cyber security when a Chrysler car was hacked few years and also a Jeep Cherokee. To prevent this, there must have been an user input, for e.g. pin or fingerprint, in addition to the mobile proximity. Also to the proximity they should TOF checks. The user input should pop up on the mobile, this is like second level authentication (like password and OTP). Knowing Tesla they can/will fix with a software update to car and mobile app. Other than this second level authentication there is no security patch from Bluetooth because the hack is within the spec as they're simply relaying BT signals. So no CVE patch.
	() Thanks

21st May 2022, 06:50	#5
clevermax Senior - BHPian Join Date: Jun 2006 Location: Tvm/Amsterdam Posts: 2,086 Thanked: 2,640 Times View My Garage	Re: Tesla cars unlocked within seconds via Bluetooth hack; Researchers expose vulnerability I would put such a key in a Faraday cage fob pouch when not in use. That is the best way to deal with it until they come up with a solution or change the technology. Last edited by clevermax : 21st May 2022 at 06:52.
	(1) Thanks