Tesla cars can be stolen by using Bluetooth


2 min read

The boundaries between virtual and physical damage from cyber attacks are even more blurred after a new method of stealing Tesla cars using Bluetooth technology was discovered.

A team of researchers from the NCC group has developed a tool capable of launching a Bluetooth Low Energy (BLE) relay attack, successfully bypassing all existing protections and authentication at target endpoints.

Although this type of attack works pretty much the same on all types of devices, from smartphones to smart locks, the researchers opted for the Tesla car.

Attack works by keeping the attacker between the legitimate Bluetooth devices of the sender and receiver. In this way, the attacker can manipulate the data that enters the receiving device (in this particular case, a Tesla car).


The only challenge with this method is that the attacker must be relatively close to both the victim and the target device.

As an experiment, the researchers used the 2020 Tesla Model 3 and the iPhone 13 mini, which uses version 4.6.1-891 of the Tesla app. They used two relay devices, one seven meters from the phone and the other three meters from the car. The total distance between the phone and the car was 25 meters. The experiment was successful.

“The NCC Group was able to use this newly developed relay attack tool to unlock and control the vehicle while the iPhone was out of the BLE range of the vehicle,” the researchers said.

Later, the team successfully conducted the same experiment on Tesla ‘s 2021 Model Y.

To protect themselves from relay attacks, users can disable the passive entry system and switch to an alternative authentication method, preferably one that requires user interaction. They should also use the “Drive PIN” feature to make sure no one can drive away, even if they manage to open it successfully.







Dudescode.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com