Wednesday, September 28, 2022

Teslas can be stolen with a £300 gadget and there isn’t much you can do about it

A report has highlighted a security issue with the Tesla Model Y (Credits: AP)

Thieves can outsmart Tesla’s keyless security tech using a mobile phone and a £300 relay device, a new report states.

Working as a pair, thieves could theoretically unlock and even start a Tesla Model Y in seconds, a researcher from security firm IOActive wrote in the white paper.

Owners can unlock their cars and switch on the engine with a key fob, their mobile phone or a special card equipped with near field communication technology.

To access the car, one thief needs to get within a few centimetres of the owner’s NFC card or mobile phone — if they have a virtual key installed — while the other stays by the vehicle itself.

In the scenario devised by principal security consultant Josep Pi Rodriguez, this thief can begin the heist with the help of a £300 radiofrequency identification device called a ‘Proxmark RDV4.0’.

They can use this device to hijack the NFC reader in the driver's side door, which normally allows owners to access the car.

With the device, the thief can trigger the reader to send a ‘challenge’ out to the owner’s NFC card or phone.

This normally wouldn’t travel very far. But with the Proxmark device, the thief can transmit this challenge to their accomplice’s phone via Bluetooth or Wi-Fi. This gives it a wider, albeit still restricted, range.

Assuming the accomplice is within a few inches of the owner’s keycard, their phone can send the card’s response back to the Proxmark, which transmits it to the car, unlocking the door and turning the car on.

If the thieves want to steal the car itself, they may run into a hiccup without the owner’s own NFC card. Once they shut off the engine, they won’t be able to turn it back on again.

In this case, the owner is still at risk of losing any possessions left in their vehicle, as well as losing the car itself should the thieves simply strip it or sell it for parts.

Pi Rodriguez says thieves could potentially add a second NFC keycard to enable continued use of the vehicle, but this would involve staging a second relay attack.

Nonetheless, he told The Verge it would be difficult for the Elon Musk-fronted firm to prevent these kinds of attack.

‘To fix this issue is really hard without changing the hardware of the car — in this case the NFC reader and software that’s in the vehicle,’ he says.

But he added the company was still ahead of many of its competitors when it came to security.


A security consultant says some Tesla cars are at risk of attack (Credits: Reuters/Arnd Weigmann)

‘Tesla takes security seriously, but because their cars are much more technological than other manufacturers, this makes their attack surface bigger and opens windows for attackers to find vulnerabilities,’ he said.

‘That being said, to me, Tesla vehicles have a good security level compared to other manufacturers that are less technological.’

Implementing a ‘PIN-to-drive’ option would help protect a vehicle from this kind of attack, he said.

But many Tesla owners may not even know this exists, he added.
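The model below is an added illustration, not code from IOActive's paper or from Tesla, of why a challenge-response check alone cannot tell a nearby card from a relayed one, and why a PIN-to-drive step still blocks driving. The HMAC scheme, class names and sample PIN are assumptions chosen for the sketch; the car's real protocol is not described in the report.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets

class KeyCard:
    """Owner's card: answers a challenge using a secret shared with the car."""
    def __init__(self, secret: bytes):
        self._secret = secret

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()

class Relay:
    """Pipe between the car's reader and a distant card. Holds no secret."""
    def __init__(self, distant_card: KeyCard):
        self._card = distant_card

    def respond(self, challenge: bytes) -> bytes:
        return self._card.respond(challenge)  # bytes forwarded unchanged

class Vehicle:
    def __init__(self, secret: bytes, pin: str | None = None):
        self._secret, self._pin, self.unlocked = secret, pin, False

    def authenticate(self, token) -> bool:
        challenge = secrets.token_bytes(16)  # fresh per attempt, so no replay
        expected = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        # Proves the card's secret was involved, not that the card is nearby.
        self.unlocked = hmac.compare_digest(expected, token.respond(challenge))
        return self.unlocked

    def drive(self, pin_entered: str | None = None) -> bool:
        if not self.unlocked:
            return False
        if self._pin is None:  # PIN-to-drive disabled
            return True
        return pin_entered is not None and hmac.compare_digest(self._pin, pin_entered)

def scenario(pin_enabled: bool) -> tuple[bool, bool]:
    """Return (unlocked, drives) for a relayed card with no PIN entered."""
    secret = secrets.token_bytes(32)  # constructed sample key
    car = Vehicle(secret, pin="4821" if pin_enabled else None)  # constructed PIN
    unlocked = car.authenticate(Relay(KeyCard(secret)))
    return unlocked, car.drive()

if __name__ == "__main__":
    print("PIN-to-drive off:", scenario(False))
    print("PIN-to-drive on: ", scenario(True))
```

In both runs the relayed response is cryptographically valid, so the door opens; only the second factor, which the relay cannot supply, stops the car from being driven.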
