"Once the device is in place near the fob or phone, the attacker can send commands from anywhere in the world."

Beep-Beep

A security researcher has demonstrated how easy it is to trick a Tesla into letting a thief hack their way inside and even start the car, Bloomberg reports.

Sultan Qasim Khan, a security consultant at security firm NCC Group, demonstrated the technique, which involves redirecting communications between a Tesla owner's smartphone or key fob and the car itself, to journalists at Bloomberg.

During his demonstration, the researcher used two small devices that are able to relay wireless communications, which only roughly cost $100 total and can be easily bought online.

"An attacker could walk up to any home at night — if the owner’s phone is at home — with a Bluetooth passive entry car parked outside and use this attack to unlock and start the car," Khan told Bloomberg.

"Once the device is in place near the fob or phone, the attacker can send commands from anywhere in the world," he added.

Easy Way In

The hack is unique to specific Tesla models — Bloomberg specifically flagged the Model 3 and Model Y — and it's still unclear if it has actually been used by hackers to steal vehicles in the past.

Khan told Bloomberg that he told Tesla about the potential vulnerability, but company officials responded that the issue wasn't significant enough to warrant the required hardware changes — a surprising response given the apparent security risks.

The connection between the smartphone or fob and the car is established using a technology called Bluetooth Low Energy (BLE). The protocol has been exploited by hackers in the past to gain access to phones and laptops as well, according to Khan.

The vulnerability goes to show that smart home devices and even cars, could easily be manipulated into giving hackers free reign.

Fortunately, Tesla has a "PIN to Drive" feature, essentially password protection for the ignition, that could give owners a way to protect themselves from hacks, as NCC points out in its writeup about the vulnerability.

But it's unclear how many owners actually opt in to use that feature.

READ MORE: Hacker Shows Off a Way to Unlock Tesla Models, Start Cars [Bloomberg]

More on Tesla: Elon Musk Wants to Meet His Chinese Doppelgänger


Share This Article