Teslas are among the vehicles most susceptible to being hacked because of their Bluetooth locks, cybersecurity firm NCC Group said. The cars can be remotely unlocked and controlled by hackers who exploit a vulnerability in the Bluetooth system’s security, the group said.
NCC Group researcher Sultan Qasim Khan was shown in a video opening, then driving a Tesla using a small relay device attached to a laptop. The device bridged a large gap between the Tesla and the Tesla owner’s phone, Reuters said.
“This proves that any product relying on a trusted BLE connection is vulnerable to attacks even from the other side of the world,” NCC said in a statement. BLE stands for Bluetooth Low Energy, a technology used in vehicles and Bluetooth locks that automatically unlock or unlatch when an authorized device is nearby. While it is a convenience feature, it is not immune to attacks, which was the point of NCC’s experiment.
The hack was performed on a 2021 Tesla Model Y, but NCC Group maintains that any lock utilizing BLE technology, including residential smart locks, could be unlocked in the same manner. This essentially means that, with the right technology in the wrong hands, a car or a home could be controlled or invaded.
The Group also stated that the vulnerability in the BLE locks was not a traditional one and would not be fixed with software updates. Additionally, BLE-based authentication was not originally designed for use in locking mechanisms, the report states. Instead, BLE was developed for fitness, healthcare, and home entertainment applications.
“In effect, systems that people rely on to guard their cars, homes, and private data are using Bluetooth proximity authentication mechanisms that can be easily broken with cheap off-the-shelf hardware,” NCC added regarding the BLE authentication. “This research illustrates the danger of using technologies for reasons other than their intended purpose, especially when security issues are involved.”
Tesla has routinely looked for weaknesses in its security systems. The company has participated on several occasions in Pwn2Own events, which allow hackers to attempt to infiltrate the best products of some of the most notable companies in the world. Tesla gave away a Model 3 as a prize for finding vulnerabilities in the company’s security.