Security News > 2022 > May > Pentester pops open Tesla Model 3 using low-cost Bluetooth module
Tesla Model 3 and Y owners, beware: the passive entry feature on your vehicle could potentially be fooled by a new form of relay attack.
Discovered and tested by researchers at NCC Group, the attack allows anyone with a tool similar to NCC's to relay the Bluetooth Low Energy signal from a smartphone that has been paired with a Tesla back to the vehicle.
In its testing, NCC Group said it was able to perform a relay attack that allowed researchers to open a Tesla Model 3 from a home in which the vehicle's paired device was located, approximately 25 meters away.
Using phone-side and vehicle-side relaying devices made from $50 Bluetooth development modules, the team said it managed to gain full access to the Tesla when the vehicle-side relay was brought within 3 meters.
While NCC only tested the attack on a Tesla Model 3, Sultan Khan, senior security researcher at NCC and the author of the advisory, said the technology used in the Tesla app is the same when connecting to a Model 3 or Y. Khan also theorized that Model 3 and Y key fobs were also likely affected, though those weren't tested either.
At the same time NCC Group released its Tesla BLE relay hack advisory, it published a second advisory authored by Khan.