Thieves can outsmart Tesla’s keyless security tech using a mobile phone and a £300 relay device, a new report states.
Working as a pair, thieves could theoretically unlock and even start a Tesla Model Y in seconds, a researcher from security firm IOActive wrote in the white paper.
Owners can unlock their cars and switch on the engine with a key fob, their mobile phone or a special card equipped with near field communication technology.
To access the car, one thief needs to get within a few centimetres of the owner’s NFC card or mobile phone — if they have a virtual key installed — while the other stays by the vehicle itself.
In the scenario devised by principal security consultant Josep Pi Rodriguez, this thief can begin the heist with the help of a £300 radiofrequency identification device called a ‘Proxmark RDV4.0’.
They can use this device to hijack an NFC reader in the driver side door. This normally allows owners to access the car.
With the device, the thief can trigger the reader to send a ‘challenge’ out to the owner’s NFC card or phone.
This normally wouldn’t travel very far. But with the Proxmark device, the thief can transmit this challenge to their accomplice’s phone via bluetooth or WiFi. This gives it a wider, albeit still restricted, range.
Assuming the accomplice is within a few inches of the owner’s keycard, their phone can send its response back to the Proxmark, which transmits it to the car, unlocking the door and turning it on.
If the thieves want to steal the car itself, they may run into a hiccup without the owner’s own NFC card. Once they shut off the engine, they won’t be able to turn it back on again.
In this case, the owner is still at risk of losing any possessions left in their vehicle, as well as losing the car itself should the thieves simply strip it or sell it for parts.
Pi Rodriguez says thieves could potentially add a second NFC keycard to enable continued use of the vehicle, but this would involve staging a second relay attack.
Nonetheless, he told The Verge it would be difficult for the Elon Musk-fronted firm to prevent these kinds of attack.
‘To fix this issue is really hard without changing the hardware of the car — in this case the NFC reader and software that’s in the vehicle,’ he says.
But he added the company was still ahead of many of its competitors when it came to security.
‘Tesla takes security seriously, but because their cars are much more technological than other manufacturers, this makes their attack surface bigger and opens windows for attackers to find vulnerabilities,’ he said.
‘That being said, to me, Tesla vehicles have a good security level compared to other manufacturers that are less technological.’
Implementing a ‘PIN-to-drive’ option would help protect a vehicle from this kind of attack, he said.
But many Tesla owners may even know this exists, he added.