Photo: Tesla/www.iti.illinois.edu
NCC Group is a cybersecurity company specialized in showing vulnerabilities before bad guys can take advantage of them. It tried to show Tesla that thieves can not only open a Tesla Model S or Model Y in seconds: they can also start the vehicle and drive it away. Tesla said it did not find it a relevant issue, which only makes sense when you learn what the company would have to do to prevent it.
According to what Sultan Qasim Khan told Bloomberg, it would be a costly fix. NCC Group’s principal security consultant said Tesla would have to replace the hardware and change its keyless entry system. Curiously, Khan also said it applies only to the Model S and Model Y. We suspect that has to do with the fact that he could only test it with these vehicles so far. The Model X and the Model 3 use the same technology, which would mean all Tesla vehicles are subject to this security flaw.
The EV maker adopts the BLE (Bluetooth Low Energy) protocol to open and start its vehicles. The vulnerability is not exclusive to Tesla vehicles, but other companies promised to take measures to prevent it. That was the case with Kwikset’s smart locks. The company said iPhone users could adopt two-factor authentication to avoid that, while Android users will get an update in the summer to allow them to do the same thing.
Khan managed to open and start Tesla vehicles with a relay attack, which uses two portable devices that work as an electronically operated switch. One of them has to be placed within 15 yards (13.7 meters) of the Tesla key fob or smartphone that opens and starts the vehicle. The other connects to the hacker’s laptop, kept close to the car.
That would work if the EV owner were in Japan and their Tesla in the U.S. As long as the laptop is close to the vehicle and the other device is around the key fob, the internet makes the necessary connection. All the hacker has to do is enter the required commands, open the EV and silently drive it away.
That’s another piece of evidence that Tesla ignored the effects of mass production. If the issue relates to hardware, no OTA (over-the-air) update can fix it. Replacing the keyless hardware would not only be expensive – multiply whatever its components cost for the millions of EVs Tesla has sold so far. It would also make Tesla Service Centers even more crowded than they already are.
So far, there is no report of anyone stealing a Tesla vehicle with this method. The EV maker is probably counting no one will ever use it. If Tesla’s reaction to what NCC Group presented foretells what it will do, expect the company only to take any measure if theft cases explode. That may happen after Tesla sells some more million EVs, which will make it even more expensive to fix. Remember that NCC Group, Khan and Bloomberg tried to warn Tesla about that.
The EV maker adopts the BLE (Bluetooth Low Energy) protocol to open and start its vehicles. The vulnerability is not exclusive to Tesla vehicles, but other companies promised to take measures to prevent it. That was the case with Kwikset’s smart locks. The company said iPhone users could adopt two-factor authentication to avoid that, while Android users will get an update in the summer to allow them to do the same thing.
Khan managed to open and start Tesla vehicles with a relay attack, which uses two portable devices that work as an electronically operated switch. One of them has to be placed within 15 yards (13.7 meters) of the Tesla key fob or smartphone that opens and starts the vehicle. The other connects to the hacker’s laptop, kept close to the car.
That would work if the EV owner were in Japan and their Tesla in the U.S. As long as the laptop is close to the vehicle and the other device is around the key fob, the internet makes the necessary connection. All the hacker has to do is enter the required commands, open the EV and silently drive it away.
That’s another piece of evidence that Tesla ignored the effects of mass production. If the issue relates to hardware, no OTA (over-the-air) update can fix it. Replacing the keyless hardware would not only be expensive – multiply whatever its components cost for the millions of EVs Tesla has sold so far. It would also make Tesla Service Centers even more crowded than they already are.
So far, there is no report of anyone stealing a Tesla vehicle with this method. The EV maker is probably counting no one will ever use it. If Tesla’s reaction to what NCC Group presented foretells what it will do, expect the company only to take any measure if theft cases explode. That may happen after Tesla sells some more million EVs, which will make it even more expensive to fix. Remember that NCC Group, Khan and Bloomberg tried to warn Tesla about that.
Google News