Tesla Inc. customers might love the carmakers’ nifty keyless entry system, but one cybersecurity researcher has demonstrated how the same technology could allow thieves to drive off with certain models of electric vehicles.
A hack effective on the Tesla Model 3 and Y cars would allow a thief to unlock a vehicle, start it and speed away, according to Sultan Qasim Khan, principal security consultant at the Manchester, UK-based security firm NCC Group.
By redirecting communications between a car owner’s mobile phone, or key fob, and the car, outsiders can fool the entry system into thinking the owner is located physically near the vehicle.
The hack, Khan said, isn’t specific to Tesla, though he demonstrated the technique to Bloomberg News on one of its car models. Rather, it’s the result of his tinkering with Tesla’s keyless entry system, which relies on what’s known as a Bluetooth Low Energy (BLE) protocol.
There’s no evidence that thieves have used the hack to improperly access Tesla vehicles. The carmaker didn’t respond to a request for comment. NCC provided details of its findings to its clients in a note on Sunday, an official there said.
Khan said he had disclosed the potential for attack to Tesla and that company officials didn’t deem the issue a significant risk. To fix it, the carmaker would need to alter its hardware and change its keyless entry system, Khan said.
The revelation comes after another security researcher, David Colombo, revealed a way of hijacking some functions on Tesla vehicles, such as opening and closing doors and controlling music volume.
BLE protocol was designed to conveniently link devices together over the internet, though it’s also emerged as a method that hackers exploit to unlock smart technologies, including house locks, cars, phones and laptops, Khan said. NCC Group said it was able to conduct the attack on several other carmakers and technology companies’ devices.
Kwikset Corp. Kevo smart locks that use keyless systems with iPhone or Android phones are impacted by the same issue, Khan said. Kwikset said that customers who use an iPhone to access the lock can switch on two-factor authentication in the lock app.