From his earliest days, Elon Musk was more than convinced that hackers would not be able to access his Tesla cars, that it was impossible. So much so that the company then offered its vehicles to a series of hackers to try to exploit potential gaps of security in their systems under a reward of 890,000 dollars. But the truth is that now some researchers have succeeded… and only with the use of bluetooth.
Tesla vulnerability discovered by hackers
And it is that Musk, then, was involved because his vehicles are the safest on the market. The South African billionaire not only wants his Tesla to be the more technical vehicles, but they are also intended to be the safest. But now, as a result of this security of the Tesla, a group of hackers has tried the maneuver… and they have succeeded.
Without a doubt, it is one of Musk’s main fears: that a car as technologically advanced as the Model 3 (here its technical sheet) can stop being controlled by the driver and become under the control of a malicious hacker looking to do damage with the car. For this reason, last year Pwn2Own was already presented, a contest for ‘white hat’ hackers -who only look for vulnerabilities to improve security-, seeking to improve the results of that time.
However, as security researchers from the NCC Group have deciphered, they have developed a tool to carry out a Bluetooth Low Energy (BLE) relay attack that bypasses all existing protections to authenticate to target devices. . However, this vulnerability has to do with one of its most revolutionary functions: the fact that no key needed neither to get inside them nor to make them start.
The fragility is in the ‘no-key’ of the cars
And it is that Tesla users love the ingenious system of keyless access from the manufacturer, which consists of a hands-free system that does not require taking out the key to open the car and start them. In addition, the mobile phone can even be used to do this remotely. However, a cybersecurity researcher has shown how the same technology could allow thieves to get away with certain models of electric vehicles.
According to Sultan Qasim Khan, a senior consultant for this security firm, a hacker could unlock the vehicle, start it, and speed off. How? Interfering with communications between the owner’s mobile phone or key fob and the car, intruders can trick the entry system into thinking the owner is physically near the vehicle.
As such, they have shown that the weakness is not one of Tesla’s products or the ingenuity of hackers, but rather the use of the keyless access system that is based on what is known as the Bluetooth Low Energy protocol ( BLE). Thus, the suppression of the conventional key in favor of the mobile in boast of modernity and revolution could give you major cybersecurity headaches.
Modernity and revolution… with security problems
In their test, the members of the NCC Group in this case explained that they were able to carry out this relay attack by tricking the Tesla system into believing that the owner is physically close to the vehicle. This even comes after another security researcher in recent months revealed a way to hijack some functions in Tesla vehicles, such as opening and closing doors and controlling music volume.
As we say, everything is based on the BLE bluetooth protocol, which was designed to comfortably link devices over the Internet, although it has also emerged as a method that hackers exploit to unlock smart technologiessuch as locks on houses, cars, phones and laptops.