Criminals can unlock and steal your car remotely, Tesla owners warn Business

NCC Group said, “Users should be made aware of the risks of BLE relay attacks and encouraged to use the PIN to Drive feature.”

The tool uses off-the-shelf components, NCC Group told the Telegraph, but it does not reveal specific details in case criminals attempt to copy it.

Tesla’s Model 3 was the first mainstream production car to use BLE technology for keyless entry.

“In the test setup, the iPhone was placed on the top floor at the end of a house, about 25 meters from the vehicle, which was in the garage at ground level,” said Sultan Qasim Khan, researcher at the NCC Group.

Mr Khan’s reading tool was positioned about seven meters from the car, depicting a criminal hiding outside the front door or in the street. The model 3 used in the test was thus successfully unlocked.

NCC Group said the attack should be possible against Tesla Model Ys based on this car using keyless technology similar to the Model S.

Previously, BLE was considered safe against such thefts because its signals are encrypted and rely on signals being sent and received within specific time windows.

Mr Khan said in a research note that NCC’s BLE tool is able to receive and rebroadcast signals so quickly that they bypass timing-based security features.

Tesla did not immediately respond to a request for comment. NCC Group said it informed the automaker of the flaw before making it public.

Keyless car thefts now account for half of all vehicles stolen, according to figures compiled by car insurer LV= last year, although the vehicles only account for one per cent of cars on UK roads.

Keyless entry systems have long been the focus of car thieves, with early versions of the technology being exploitable using off-the-shelf equipment.

Although BLE is not specifically designed to be secure against thieves or hackers, its widespread inclusion in smartphones has led manufacturers to use the technology in high-value products such as cars for convenience.

More about this article: Read More
This notice was published: 2022-05-17 14:20:07

Leave a Reply

Your email address will not be published. Required fields are marked *