This is how a vulnerability in Bluetooth LE allows you to steal a Tesla Model 3 in two minutes


The methods that thieves use to steal cars have evolved over time. We have already seen how someone took a Jeep Wrangler that was not theirs using a laptop. Now, a security researcher has shown that it is possible to unlock and start a Tesla Model 3 using a smartphone with a specific application that exploits a vulnerability in Bluetooth Low Energy (BLE) technology.

This security issue has been around for less than a year. In fact, its root is in an update that the American manufacturer launched in 2021 to improve the driving experience, but ended up opening the door (pun intended) for thieves with some technical knowledge to take advantage of it.

An improvement that became a problem

Before looking at the details of this method we must remember that Tesla car owners have three types of “keys”: a smart key, an NFC card and a mobile application. For a long time, those who used the NFC card had to place it in the center console before they could start driving.

But that changed last year when Tesla decided the NFC card no longer needed to be in the center console to drive. However, the software update that modified the function brought with it other changes that were discovered by Martin Herfurt, a security researcher who is part of Project TEMPA.

For 130 seconds, the car allowed new keys to be registered with no notification on the center console screen; the owner was only required to make the changes from the Tesla application installed on their phone. Herfurt discovered that the phone and the car communicated over Bluetooth Low Energy just like any other device.

So, voila! He couldn’t think of a better idea than to create his own application called Teslakee, which replicates the official BLE communication protocol. As we can see in the video, once the car owner uses an NFC card to open the doors, the attacker has 130 seconds to register a new key with the malicious app.


Once the process is complete, which does not alert the Tesla owner at any time, the thief has a “legitimate” key that allows him to open and drive the car. Although this method has been successfully tested on a Tesla Model 3, the researcher believes that other cars of the brand could also be vulnerable.

At the moment, there is no evidence that Tesla has released a software update to solve this problem, so Herfurt offers a series of recommendations to prevent theft:

Use PIN to Drive: this is a security function that can be activated from the car's Protection and security section. It works in a similar way to the PIN of a mobile phone: it prevents anyone from starting to drive until the code is entered.

Check registered keys: within the application, periodically review the registered keys and immediately delete any that you did not add.

Use other methods to enter the car instead of the NFC card: Teslas, as we mentioned at the beginning, also support the use of smart or app keys. Using them prevents this type of attack.
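
The enrollment window described above, together with the effect of PIN to Drive and of the periodic key review, as a simplified Python model. It is an example added here, not code from Tesla or from Herfurt; the class, function and key names are hypothetical, and only the 130-second window comes from the article.

```python
from dataclasses import dataclass, field
from typing import Optional

ENROLL_WINDOW_S = 130  # seconds after an NFC unlock, per the article


@dataclass
class CarModel:
    """Simplified model of the behaviour described above; not Tesla code."""
    keys: set = field(default_factory=lambda: {"owner-nfc-card"})
    pin_to_drive: Optional[str] = None   # None means the feature is off
    last_nfc_unlock: Optional[float] = None

    def nfc_unlock(self, card_id: str, now: float) -> bool:
        if card_id not in self.keys:
            return False
        self.last_nfc_unlock = now       # opens the enrollment window
        return True

    def enroll_key(self, key_id: str, now: float) -> bool:
        # The weakness: the request is accepted from whoever sends it while
        # the window is open, with no on-screen notice or owner confirmation.
        t = self.last_nfc_unlock
        if t is None or not (0 <= now - t <= ENROLL_WINDOW_S):
            return False
        self.keys.add(key_id)
        return True

    def can_drive(self, key_id: str, pin: Optional[str] = None) -> bool:
        if key_id not in self.keys:
            return False
        # PIN to Drive: an enrolled key alone is not enough to drive.
        return self.pin_to_drive is None or pin == self.pin_to_drive


def audit_keys(car: CarModel, expected: set) -> list:
    """Return enrolled keys the owner did not add (the periodic key review)."""
    return sorted(car.keys - expected)


def scenario(pin_to_drive: Optional[str]) -> dict:
    car = CarModel(pin_to_drive=pin_to_drive)
    car.nfc_unlock("owner-nfc-card", now=0.0)
    in_window = car.enroll_key("unknown-phone", now=60.0)    # constructed ids
    late = car.enroll_key("second-unknown-phone", now=131.0)
    return {
        "enrolled_in_window": in_window,
        "enrolled_after_window": late,
        "unknown_key_can_drive": car.can_drive("unknown-phone"),
        "audit_finds": audit_keys(car, {"owner-nfc-card"}),
    }
```

Calling scenario(None) and scenario("4821") shows that PIN to Drive stops the unknown key from driving but does not stop it from being enrolled, which is why the key review is still needed.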


Finally, it should be noted that this is not the only method that can be used by thieves to steal Tesla cars. There are also “relay attacks” that affect those who use Passive Access.

When this feature is enabled, the car’s sensors recognize the presence of a smart key and unlock the doors. The problem? Attackers can use equipment to pick up the signal from the key, amplify it toward the car and gain access.
