In order for the hack to work, two attackers are required, and one must get within two inches of your key card or smartphone.
It seems criminals are always looking for new ways to steal cars, and Tesla’s EVs are a welcome target. Cars are still relatively hard to get, and Tesla’s vehicles are selling for top dollar. One would think that with all the new technology and security systems on cars, they’d be harder to steal. And while they are, that technology also opens up doors for hackers and techies to work their magic.
A recent video published by IOActive shows a brief clip of two attackers stealing a Tesla Model Y. The process appears to be very quick and relatively easy, but it can prove tricky. Basically, once the Tesla owner exits the car and begins to walk away, one person must be near the car and ready to unlock it. Meanwhile, the other criminal needs to walk very closely with the Tesla owner to get within two inches of their key card or smartphone.
According to a related article published by Electrek, a security research team at IOActive was able to reverse engineer Tesla’s NFC protocol to show that an NFC relay attack can prove successful in stealing a Tesla EV.
In short, IOActive uses the protocol that Tesla’s vehicles need to communicate between the car and its keys. The company then uses a Proxmark RDV4.0 device that can relay the NFC communications over Bluetooth and or Wi-Fi.
It may sound complicated, and you don’t really need to fully understand it to know it’s possible. When you watch the short video example, it should make more sense. IOActive also shared the details of the attack in a white paper. The following details from the white paper were published by Electrek:
“This relay attack requires two attackers; in this case, one of the attackers will be using the Proxmark device at the vehicle’s NFC reader, and the other can use any NFC-capable device (such as a tablet, computer, or for the purposes of this example, a smartphone) close to either the victim’s Tesla NFC card or smartphone with the Tesla virtual key.”
Depending on the situation, it may or may not be difficult for an attacker to get within two inches of a Tesla owner’s key or phone. Doing so without raising red flags or being able to later be identified could prove difficult. The researchers assume the hack may be able to be carried out from further distances, but they haven’t yet tested it out.
While many cars are stolen each day on our shores, interestingly, Tesla’s vehicles aren’t high on the list. Every Tesla comes with a built-in camera-based Sentry Mode security feature, and there’s also an optional “PIN to Drive” feature you can set up for increased security. Now that Tesla has been made aware of this potential vulnerability, it will likely begin work on an over-the-air software update to combat it.
Keyword: Hackers Can Steal Tesla's EVs With New Tricky Relay Attack