New Bluetooth attack could unlock Tesla vehicles and smart locks remotely –

Security researchers have demonstrated a new Bluetooth relay attack that allows some Tesla vehicles to be unlocked and controlled remotely.

The vulnerability resides in Bluetooth Low Energy (BLE), the technology used by Tesla’s access system that allows drivers to unlock and operate their car at close range using the app or key fob. Most devices and vehicles that rely on this type of proximity-based authentication are designed to protect against a series of relay attacks, which typically work by catching the radio signal used, for example, to unlock a vehicle and replaying it. as if it were an authentic request, by using encryption and introducing checks that can make relay attacks more difficult.

But researchers from the UK-based NCC Group say they have developed a tool for performing a new type of BLE link layer relay attack that bypasses existing solutions, theoretically allowing attackers to unlock and operate vehicles remotely.

Sultan Qasim Khan, senior security advisor at NCC Group, said: in a blog post that it tested the attack on a 2020 Tesla Model 3 using an iPhone 13 mini running a recent but older version of the Tesla app. The iPhone was placed 25 meters away from the vehicle, according to the researchers, with two relay devices between the iPhone and the car. Using the tool, the researchers were able to unlock the vehicle remotely. The experiment was also successfully replicated on a 2021 Tesla Model Y, which also uses phone-as-a-key technology.

While the attack on Tesla vehicles was demonstrated, Khan notes that any vehicle that uses BLE for its keyless entry system could be vulnerable to this attack. in a separate advisorywarns NCC Group that the attack could also be used against the Kwikset and Weiser Kevo line of smart locks, which support BLE passive access through their “touch-to-open” functionality.

“Our research shows that systems that people rely on to monitor their cars, homes and private data use Bluetooth proximity authentication mechanisms that can be easily broken with inexpensive off-the-shelf hardware,” Khan said.

The researchers disclosed their findings to Tesla and the Bluetooth Special Interest Group (SIG), an industry group that oversees the development of the Bluetooth standard, which acknowledged the problem but said relay attacks were a known issue with Bluetooth. Tesla officials also said relay attacks were a known limitation of the passive input system. Tesla did not respond to’s request for comment. (Tesla scrapped its PR team in 2020.)

“NCC Group recommends that the SIG proactively advise its members in developing proximity authentication systems about the risks of BLE relay attacks,” Khan added. “In addition, documentation should make it clear that relay attacks are practical and should be incorporated into threat models, and that neither link-layer encryption nor expectations of normal response timing are defenses against relay attacks.”

The researchers encourage Tesla owners to use the PIN-to-Drive feature, which requires a four-digit PIN to be entered before the vehicle can be driven, and to disable the passive input system in the mobile app.

Tesla is no stranger to security flaws. Earlier this year, a 19-year-old security researcher said he was able to remotely access dozens of Teslas around the world because security bugs found in an open source logging tool popular with Tesla owners put their cars directly on the Internet. .

Shreya Christina
Shreya has been with for 3 years, writing copy for client websites, blog posts, EDMs and other mediums to engage readers and encourage action. By collaborating with clients, our SEO manager and the wider team, Shreya seeks to understand an audience before creating memorable, persuasive copy.

More from author


Please enter your comment!
Please enter your name here

Related posts


Latest posts

The Nostalgia Factor: Why Retro Gaming Continues to Thrive

In the fast-paced world of modern video games with their stunning graphics, lifelike simulations, and complex narratives, there's a distinct charm in returning to...

The Rise of Cross-Platform App Development in Australia

In the ever-evolving landscape of app development, the need for efficiency, cost-effectiveness, and wider reach has given rise to a significant trend: cross-platform app...

Embracing Efficiency and Nature: Why Outdoor Pods Trump Typical Cubicles

In the ever-evolving world of work, the concept of the traditional office is undergoing a profound transformation. The limitations of the conventional cubic office...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!