Photo: Tesla
In the past few years, Tesla has fitted its electric vehicles with Ultra-Wideband chips that enhance phone key performance. However, researchers have found that Tesla EVs are still vulnerable to relay attacks despite the new technology. This allows thieves to steal a Tesla in seconds using cheap radio devices.
Tesla vehicles are not among the easiest to steal, thanks to the many safety features that are baked into the cars. Tesla software is among the most secure in the automotive industry, so getting access to it is difficult. Tesla also offers a PIN-to-drive feature that can prevent cars from driving unless the correct PIN is entered. Even if high-tech criminals manage to drive off with a stolen Tesla, the vehicle can still be tracked thanks to the standard GPS positioning. And because the tracking and communication device is integrated into the infotainment PCB, it's not easy to deactivate.
However, this doesn't mean that a Tesla cannot be stolen. Although statistics show that Teslas are among the least stolen vehicles, they get stolen. Cars that use a key fob for keyless entry are especially vulnerable because of the relay attack. Using inexpensive radio devices, thieves can relay the radio signal from the key fob to the car. Thankfully, Tesla no longer ships its vehicles with a key fob unless the owner orders one. Instead, most owners use an NFC key card, which works at much closer distances, thus being immune to relay attacks.
However, owners can still use their phone as a key. This uses the phone's Bluetooth signal, which is nowhere near as secure as NFC. Although very convenient, this feature opens the door (pun intended) to vulnerabilities, allowing an attacker to unlock your car and drive off. This is why everyone was relieved when Tesla introduced Ultra-Wideband (UWB) support. This technology lets the car know exactly where the driver is and whether they are moving away or approaching the vehicle.
Not all Teslas are equipped with a UWB chip (the Model Y and legacy Model 3, as long as older Model S and Model X aren't). Still, those that are equipped can perform useful tricks, like automatically selecting the driver profile based on whose phone is closer to the driver's seat or opening the trunk when you stand behind the car. People thought the new technology would make Teslas immune to relay attacks. However, researchers at the Beijing-based automotive cybersecurity firm GoGoByte demonstrated this is not the case.
Even the refreshed Model 3, which comes with the new Ultra-Wideband technology, can be hacked using the relay attack. However, this has nothing to do with the UWB technology. GoGoByte researchers could carry out their relay attack against the latest Tesla Model 3 over Bluetooth, just as they had with earlier models.
However, Tesla could've used the UWB functionality to check whether the driver is in proximity before allowing the car to unlock over Bluetooth. However, it does not. According to Tesla's product security team, Tesla is still working on offering UWB ranging. This will be enforced when it proves reliable and doesn't affect the user's experience. Until then, owners are still recommended to activate the trusted PIN-to-drive feature.
However, this doesn't mean that a Tesla cannot be stolen. Although statistics show that Teslas are among the least stolen vehicles, they get stolen. Cars that use a key fob for keyless entry are especially vulnerable because of the relay attack. Using inexpensive radio devices, thieves can relay the radio signal from the key fob to the car. Thankfully, Tesla no longer ships its vehicles with a key fob unless the owner orders one. Instead, most owners use an NFC key card, which works at much closer distances, thus being immune to relay attacks.
However, owners can still use their phone as a key. This uses the phone's Bluetooth signal, which is nowhere near as secure as NFC. Although very convenient, this feature opens the door (pun intended) to vulnerabilities, allowing an attacker to unlock your car and drive off. This is why everyone was relieved when Tesla introduced Ultra-Wideband (UWB) support. This technology lets the car know exactly where the driver is and whether they are moving away or approaching the vehicle.
Not all Teslas are equipped with a UWB chip (the Model Y and legacy Model 3, as long as older Model S and Model X aren't). Still, those that are equipped can perform useful tricks, like automatically selecting the driver profile based on whose phone is closer to the driver's seat or opening the trunk when you stand behind the car. People thought the new technology would make Teslas immune to relay attacks. However, researchers at the Beijing-based automotive cybersecurity firm GoGoByte demonstrated this is not the case.
Even the refreshed Model 3, which comes with the new Ultra-Wideband technology, can be hacked using the relay attack. However, this has nothing to do with the UWB technology. GoGoByte researchers could carry out their relay attack against the latest Tesla Model 3 over Bluetooth, just as they had with earlier models.
However, Tesla could've used the UWB functionality to check whether the driver is in proximity before allowing the car to unlock over Bluetooth. However, it does not. According to Tesla's product security team, Tesla is still working on offering UWB ranging. This will be enforced when it proves reliable and doesn't affect the user's experience. Until then, owners are still recommended to activate the trusted PIN-to-drive feature.
Google News