Toronto, Ontario — Everyone knows that often what seems to be too good to be true is usually exactly that—experts are coming to similar conclusions with things like keyless entry on Tesla vehicles and how the added convenience is largely outweighed by the cybersecurity vulnerabilities that this relatively new technology possesses.
Sultan Qasim Khan, a principal security consultant at Manchester, UK-based security firm NCC Group, says that thieves can exploit the entry systems of Tesla Model S and Y vehicles with relative ease and be speeding off in your vehicle in a matter of seconds.
Criminals have learned how to redirect communications between a car owner’s mobile phone, or key fob, and the car, and fool the entry system into thinking the owner is located physically near the vehicle.
Khan says this exploit is by no means exclusive to Tesla vehicles. He says that he has been in talks with Tesla and other automakers to try and implement updates to improve cybersecurity on vehicles equipped with this technology.
In many cases, a physical update of a vehicle’s hardware and the keyless entry system itself would be required to effectively fix the vulnerabilities.
Due to the fairly rudimentary nature of the Bluetooth technology used to operate keyless entry systems, thieves are often able to equip themselves with a basic set of reprogramming tools for about $100; a factor that greatly contributes to the upswing in vehicle theft over the past several years.
“An attacker could walk up to any home at night—if the owner’s phone is at home – with a Bluetooth passive entry car parked outside and use this attack to unlock and start the car,” said Khan.
“Once the device is in place near the fob or phone, the attacker can send commands from anywhere in the world.”
One Response
This is the reason why Tesla owners can add a PIN code to unlock the car. You can open it, but you cannot drive it, without the PIN code.