Researchers have found a flaw in Bluetooth Low Energy (BLE) that allows an unknown device to be treated as familiar. This is a problem because many smart devices use BLE to recognise a trusted device as a key. The researchers even demonstrated the effectiveness of their Bluetooth-busting device by opening a locked Tesla and driving it away.
The vulnerability affects the Tesla Model 3 and Tesla Model Y, but as Reuters points out, millions of cars from other brands are affected, too.
Watch as a researcher from the NCC Group shows how easy it is to plant a relay device and remotely hijack the trusted connection between a phone and a 2021 Tesla Model Y in this video from The Telegraph:
The researchers used a relay device connected to a laptop to mimic the signal of a trusted device — in this case, the smartphone that the Tesla owner programmed to be used in lieu of Tesla’s RFID key card. The video shows the researcher carrying the device to the car, but using this method, hackers could be on the other side of the world and still unlock and operate the car. What’s worse, hackers can exploit the vulnerability to break into any BLE-powered device, including smart locks on homes or businesses.
Here’s the scary thing: This is a feature of BLE, not a bug. Or more like a design feature that became a bug. According to the researchers, BLE wasn’t engineered with security in mind, and you can’t really strengthen security that was never there in the first place.
Yup. I think it’s time we ditched BLE and went with UWB, because there’s no fix for this. At least, not through a software patch.
So what can owners of Teslas and other cars with BLE-based security do? NCC Group recommends disabling passive entry altogether. But if that sounds too old-fashioned, the researchers suggest adding a PIN code for security, as well as placing time limits on the entry system to disable hands-free entry if the phone or key has been stationary longer than a minute.