A UK-based cyber-security researcher has demonstrated how a vulnerability with Bluetooth Low Energy (BLE) could be used to unlock and drive away a Model S mid-size luxury sedan.
Late last year, Tesla became the sixth company to hit $1 trillion in market valuation, thanks to growing sales and increased profitability. The company continues to deliver stellar numbers, beating Wall Street's revenue and profit estimates with its Q1 earnings earlier this year. According to the company's announcement, it earned $18.76 billion in revenue and $3.3 billion in profit during the first three months of this year, compared to $10.39 billion in revenues and $438 million in profit over the same period last year.
Sultan Qasim Khan, a principal security consultant at cyber security and risk mitigation firm NCC Group, demonstrated a proof-of-concept hack that could potentially allow hi-tech thieves to easily steal a Tesla by unlocking it, starting it up, and driving away without the original key fob or any kind of authentication. According to Bloomberg, which says it witnessed Khan's demonstration, the technique involves redirecting communications between a Tesla and its owner's smartphone or key fob by using two small off-the-shelf hardware devices that cost around $100. It also requires custom code for Bluetooth development kits, which are available online for less than $50.
Workarounds To Mitigate The Risk
While Tesla could fix the flaw by changing some hardware in the cars and overhauling its keyless entry system, Khan says that the company officials he spoke with didn't seem too bothered with the security risk. steal cars in real life. However, according to Khan, it is still a clear and present danger for cars that have Bluetooth ive entry enabled.
Fortunately, there's an easy workaround to mitigate the risk for this hack. To prevent a Tesla from being stolen using this method, owners can simply activate the 'PIN to Drive' feature which is available as an optional extra and requires drivers to enter a custom PIN to start the vehicle. It adds an extra layer of security that ensures that only an authorized person who knows the PIN could drive the car and not thieves who have managed to gain access to the vehicle illicitly.
s can also disable 'ive entry' by selecting Controls > Settings > Doors & Locks > ive Entry and then finally turning the feature off for good. Owners who still want the convenience of ive entry despite the risks should invest in a good quality Faraday bag to store their key fob when it's not being used. These are cheap pouches that block signals to and from the key fob inside, thereby preventing would-be Tesla thieves from initiating or intercepting communications.