Pentester pops open Tesla Model 3 using low-cost Bluetooth module
2022-05-17 16:30

Tesla Model 3 and Y owners, beware: the passive entry feature on your vehicle could potentially be fooled by a new form of relay attack.

Discovered and tested by researchers at NCC Group, the attack allows anyone with a tool similar to NCC's to relay the Bluetooth Low Energy signal from a smartphone that has been paired with a Tesla back to the vehicle.

In its testing, NCC Group said it was able to perform a relay attack that allowed researchers to open a Tesla Model 3 from a home in which the vehicle's paired device was located, approximately 25 meters away.

Using phone-side and vehicle-side relaying devices made from $50 Bluetooth development modules, the team said it managed to gain full access to the Tesla when the vehicle-side relay was brought within 3 meters.

While NCC only tested the attack on a Tesla Model 3, Sultan Khan, senior security researcher at NCC and the author of the advisory, said the technology used in the Tesla app is the same when connecting to a Model 3 or Y. Khan also theorized that Model 3 and Y key fobs were likely affected, though those weren't tested either.

At the same time NCC Group released its Tesla BLE relay hack advisory, it published a second advisory authored by Khan.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/05/17/ble_vulnerability_lets_attackers_steal/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Bluetooth 4 3 10 3 0 16
Tesla 6 3 5 1 0 9