The boundaries between virtual and physical damage from cyber attacks are even more blurred after a new method of stealing Tesla cars using Bluetooth technology was discovered.
A team of researchers from the NCC group has developed a tool capable of launching a Bluetooth Low Energy (BLE) relay attack, successfully bypassing all existing protections and authentication at target endpoints.
Although this type of attack works pretty much the same on all types of devices, from smartphones to smart locks, the researchers opted for the Tesla car.
Attack works by keeping the attacker between the legitimate Bluetooth devices of the sender and receiver. In this way, the attacker can manipulate the data that enters the receiving device (in this particular case, a Tesla car).
The only challenge with this method is that the attacker must be relatively close to both the victim and the target device.
As an experiment, the researchers used the 2020 Tesla Model 3 and the iPhone 13 mini, which uses version 4.6.1-891 of the Tesla app. They used two relay devices, one seven meters from the phone and the other three meters from the car. The total distance between the phone and the car was 25 meters. The experiment was successful.
“The NCC Group was able to use this newly developed relay attack tool to unlock and control the vehicle while the iPhone was out of the BLE range of the vehicle,” the researchers said.
Later, the team successfully conducted the same experiment on Tesla ‘s 2021 Model Y.
To protect themselves from relay attacks, users can disable the passive entry system and switch to an alternative authentication method, preferably one that requires user interaction. They should also use the “Drive PIN” feature to make sure no one can drive away, even if they manage to open it successfully.
- Windows 11 Blue Screen Update
- How durable is Steam Deck? (VIDEO)
- Huawei P50 Pro is the fist one to get 5G cover
- Twitter ready: Musk hinted at a lower purchase price
- Degoo – a cloud file storage service with 100 GB and more for free
- Google Play Store will remove almost 900,000 apps
- Fall Guys: Ultimate Knockout game for free
- Digital Euro in 2026.