Welcome to Tesla Motors Club
Discuss Tesla's Model S, Model 3, Model X, Model Y, Cybertruck, Roadster and More.
Register

Bluetooth hack compromises Teslas, digital locks, and more

This site may earn commission on affiliate links.
P

peterfd

Member
Apr 24, 2019
57
24
Vancouver
#1
Has anyone has any theft issues because of this Bluetooth "link layer relay attack"?

research.nccgroup.com

Technical Advisory – Tesla BLE Phone-as-a-Key Passive Entry Vulnerable to Relay Attacks

Vendor: Tesla, Inc. Vendor URL: Versions affected: Attack tested with vehicle software v11.0 (2022.8.2 383989fadeea) and iOS app 4.6.1-891 (3784ebe63). Systems Affected: Attack tested on Model 3. M…
research.nccgroup.com research.nccgroup.com

www.digitaltrends.com

Bluetooth hack compromises Teslas, digital locks, and more | Digital Trends

Security researchers have found a way to circumvent digital locks and security systems that rely on Bluetooth fobs and smartphones for authentication.
www.digitaltrends.com www.digitaltrends.com
 
  • Like
Reactions: pereiks
#2
peterfd said:
Has anyone has any theft issues because of this Bluetooth...
Click to expand...
It was really easy, quick and very popular to steal Tesla in seconds with traditional fob (non-bluetooth) that's not next to the car in Europe. The fob can be far away in a bedroom and the Tesla is parking outside of the house.

Thieves in the US should be able to update their annual Continuing Education Creditals by learning that trick from Europe but there's no similar reports in the US.

That stealing stopped when Tesla offered PIN to drive.

Now, Tesla has a Bluetooth version and looks like it's the same method as if it's non-bluetooth: No need to figure out the encryption, just relay the signal intact.

So, guess what's the counter measure would be this time?

Yes, the old fashion PIN to drive. Destroying your fobs and phones would achieve the same objective.
 
Last edited:
#4
The attack is targetted: it requires one attacker near the victim's phone and one attacker near the victim's car. (And they need to communicate over wifi or cellular data.) That's not a scenario I'm super-worried about (if the attackers are that dedicated, they can probably find other, easier, ways to steal from me).

FWIW, the attack could be mitigated if the Tesla App used the phone's GPS to verify that the phone is, indeed, in close proximity to the car (instead of merely assuming that it is, because they are "communicating" over bluetooth).
 
#6
Tam said:
The demo didn't say how near is near but for this video, it's 20 meters away. That's 65.6 feet!

If the car is on the driveway at home and the phone is in the bedroom, most likely it's within 65.6 feet.
Click to expand...


Mmmm. IIUC, the phone has to be far enough away from the car that it's not connected via bluetooth to the car. That means two attackers ...

20 meters is really far for a bluetooth connection. 10m is more typical range. Your point is well-taken, though: "near" need not be all that near.
 
You must log in or register to reply here.

Similar threads

S
Has UWB hardware made it into HW4 vehicles?
Replies
33
Views
4K
Software: Firmware Updates, Features, Tesla App
Hickster
H
tps5352
Center Display Screen Settings: "Passive Entry" vs. "Mobile Entry"
Replies
3
Views
298
Software: Firmware Updates, Features, Tesla App
tps5352
tps5352
D
Time to start using your PIN to drive...
Replies
34
Views
5K
AI, Autopilot, & Autonomous/FSD
CyberGus
CyberGus
Transformer
Can now use phone-key with rented Teslas
Replies
0
Views
1K
Americas -
Transformer
Transformer
joesgarage
New Bluetooth hack voor Model 3 en Model Y
Replies
30
Views
2K
Belgium and the Netherlands
Phil V
Phil V
Top
Back
Blog
New
Forum list
Marketplace
Menu