Security Company Hacks Into A Tesla Car Via Bluetooth…Too Easily

A cybersecurity company from the UK, NCC Group, has demonstrated how easily they can hack into a car via Bluetooth Low Energy (BLE), the technology used by many cars to enable keyless entry using a key fob or smartphone. And it can be done with “cheap off-the-shelf” hardware.

Proximity-based authentication usually uses encryption and other checks as security measures. However, demonstrating on a 2020 Tesla Model 3, NCC showed that they could used two “relaying devices” to trick the car into thinking that the owner’s phone was nearby and unlocked itself, when in fact it was 25 metres away.

According to Sultan Qasim Khan, the Group’s principal security consultant and the person in the video above, they can convince a Bluetooth device that they are near when they are even farther away, even if it were hundreds of miles.

Not only the millions of vehicles that use BLE are vulnerable, but any device that uses it to enable proximity authentication also face the same risk, including laptops and home locks. The Group also warned that the same hack can be used to open Kwikset and Weiser Kevo’s smart locks, which uses a “touch-to-open” function.

NCC apparently has notified Tesla about their security weak point. Meanwhile, the researchers encouraged Tesla owners to use the PIN to Drive feature—ie. a four-digit pin to enable the car to be driven—as a “safer” safety measure.

It’s not just clever folks from a security company who are able to hack into a car, but many smart thieves on the streets are already hacking wireless tech using a frequency-hacking device purchased easily online or at electronic stores.

Another study did find that thieves are less likely to break into cars when parked on a dark street because they can’t see what they are doing or stealing. Despite all the studies or high-tech gadgetry and software, there is no foolproof security system, really. Best make sure your insurance are up to date.

No comments yet! You be the first to comment.

Your email address will not be published.