Cybersecurity firm NCC Group has just shown that vulnerabilities in Bluetooth technology can be exploited by hackers to unlock millions of locks worldwide, and a Tesla was the company's prime example.
Tesla vehicles, such as the Model 3 and Model Y, use a technology called Bluetooth Low Energy (BLE) that allows owners to unlock and operate their vehicles through their phones when within a short range of the vehicle. No user interaction with the device is required to do this. As for the vulnerability, all the hardware needed to break into and drive away these vehicles is readily available: the NCC Group says that only “cheap off-the-shelf hardware” is needed to hack a car or device using BLE technology. And yes, this hack can be done from anywhere in the world – hackers don’t have to stand in your driveway to gain access.
Reuters reports that in a video shared with them, “NCC Group researcher Sultan Qasim Khan was able to open and operate a Tesla using a small relay device attached to a laptop that created a huge gap between Tesla and the Tesla owner’s phone.”
Specifically, it was a 2021 Tesla Model Y, but the NCC Group says its exploits work on all Tesla Model 3 and Model Y vehicles. And while the focus here is on Tesla, it’s important to remember that all BLE-based proximity authentication systems are weak. In addition to cars, the technology is used for “residential smart locks, commercial building access control systems, smartphones, smart watches, laptops and more,” according to the NCC Group.
“What makes it stronger is that we can signal a Bluetooth device that we’re close to it – even from hundreds of miles away – but we can do that even when the vendor theoretically takes protective mitigation like encryption and latency bounding to protect this communication from the attackers,” Khan said. “All it takes is 10 seconds – and these exploits can be repeated endlessly.”
Other car manufacturers are introducing “phone-to-key” features that use BLE technology to work. As an example, Hyundai has already introduced the feature in the United States. That said, the penetration of these vehicles is much lower than that of all the Tesla cars currently employing the technology – the NCC Group claims that at least 2 million Teslas on the road are now vulnerable to this attack.
Unfortunately, the NCC Group does not have a big answer to the problem, and it criticizes those who use BLE as a security measure because this use of the technology is outside its “purpose”. BLE proximity authentication was never designed for use in locking mechanisms that require security, but companies have adopted it anyway.
The firm suggests that manufacturers may reduce the risk of hacking by disabling proximity key functionality if the user’s phone has been stationary for a while, based on the phone’s accelerometer. It also suggests a dual-factor authentication model that requires you to tap a button on your phone to unlock the car, as opposed to passive entry. Finally, the firm recommends that you simply turn off Bluetooth on your phone when you do not need it. Of course, this is inconvenient, but it can prevent your car from being stolen.
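The two vendor-side mitigations above (locking out passive entry when the phone has been stationary, and falling back to a tap on the phone) can be combined into one decision function. This is an added example, not NCC Group's or any manufacturer's code; the thresholds, function names and accelerometer traces are assumptions constructed for illustration.

```python
import math
from typing import NamedTuple, Optional, Sequence

GRAVITY = 9.81            # m/s^2, magnitude an accelerometer reads at rest
MOTION_THRESHOLD = 0.6    # m/s^2 deviation counted as movement (assumed value)
MAX_STILL_SECONDS = 60.0  # how long "stationary for a while" is (assumed value)

class Sample(NamedTuple):
    t: float  # seconds since the start of the trace
    x: float  # acceleration per axis, m/s^2
    y: float
    z: float

def is_motion(s: Sample) -> bool:
    """A phone at rest reads roughly 1 g in total; a carried phone deviates from it."""
    magnitude = math.sqrt(s.x ** 2 + s.y ** 2 + s.z ** 2)
    return abs(magnitude - GRAVITY) > MOTION_THRESHOLD

def last_motion_time(samples: Sequence[Sample]) -> Optional[float]:
    """Timestamp of the most recent sample that shows movement, if any."""
    times = [s.t for s in samples if is_motion(s)]
    return max(times) if times else None

def unlock_decision(samples: Sequence[Sample], now: float,
                    user_tapped: bool = False) -> str:
    """Decide how the phone key answers an unlock request from the car."""
    if user_tapped:
        return "unlock"  # explicit confirmation: the tap-to-unlock model
    last = last_motion_time(samples)
    # Fail closed: no sensor data, or no recent movement, disables passive entry.
    if last is None or now - last > MAX_STILL_SECONDS:
        return "require_tap"
    return "passive_unlock"

# Constructed traces, one sample per second.
def resting_trace(seconds: int) -> list:
    return [Sample(float(t), 0.0, 0.0, GRAVITY) for t in range(seconds)]

def carried_trace(seconds: int) -> list:
    return [Sample(float(t), 0.0, 0.0, GRAVITY + (2.0 if t % 2 else -2.0))
            for t in range(seconds)]

if __name__ == "__main__":
    print(unlock_decision(resting_trace(120), now=120.0))  # phone on a table
    print(unlock_decision(carried_trace(120), now=120.0))  # phone in a pocket
```

The stationary check only closes the window in which the phone is lying still; while the phone is being carried, passive entry still depends on proximity alone, so the tap requirement is the stronger of the two controls.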
If you want to read more about how the NCC Group uncovered this vulnerability and the technology behind it, detailed research can be found both here and here.