Sultan Qasim Khan, a security consultant at NCC Group, has disclosed a vulnerability that allows attackers to unlock a Tesla, get into the cabin and steal the car.
The vulnerability consists of relaying (forwarding) the communication between the Tesla owner's smartphone or key fob and the car itself.
During the demonstration, the researcher used two small repeaters, bought for about $100 from an ordinary online store, and a laptop running custom software.
The vulnerability is unique to specific Tesla models – Bloomberg highlighted the Model 3 and Model Y.
As a reminder, we previously reported that researchers made Tesla's Autopilot work without a driver, and that a teenager gained remote access to 25 Tesla cars.
It is not yet clear if the vulnerability shown by Sultan Qasim Khan has been used to steal electric cars in the past.
According to Sultan Qasim Khan, fixing this bug would require the automaker to modify its hardware and change the keyless entry system. Khan said that he had informed Tesla about the vulnerability, but in its response the company told him the problem was not significant enough to warrant the necessary hardware changes.
The connection between the smartphone or key fob and the car is established using Bluetooth Low Energy (BLE). According to Khan, this protocol has been exploited by hackers in the past to gain access to phones and laptops, and the vulnerability shows that attackers can just as easily target smart home devices and even cars.
Fortunately, Tesla offers "PIN to Drive," a password-protected ignition lock that can stop a thief from driving the car away even after unlocking it. However, it is not known how many electric car owners have enabled this feature.
Kwikset, the smart-lock maker, for its part said that customers who use an iPhone to access the lock can enable two-factor authentication in the lock app. A Kwikset spokesperson also added that iPhone-controlled locks have a 30-second timeout to help protect against intrusion. Kwikset will update its Android app "during the summer," the company said.