Warning: This Tesla Update Can Let Hackers Pull Off a Car Heist

Warning: This Tesla Update Can Let Hackers Pull Off a Car Heist
The interior of a Tesla Model 3 electric vehicle is shown in this picture illustration taken in Moscow, Russia, on July 23, 2020. Evgenia Novozhenina/Reuters
Benzinga
Updated:
A feature that Tesla, Inc. announced in 2021 to make life easier for its car owners has provided a loophole for hackers to barge in.

What Happened

Hackers can exploit a feature that lets Tesla owners create their own key to open their cars, Martin Herfurt, an Austrian security researcher found, as per an Ars Technica report.

How It Works

The update makes it easier to start a Tesla vehicle via near-field communication (NFC) key card. It triggers the EV to automatically start within 130 seconds of unlocking with the NFC card.

While allowing this, the feature also puts the car in a state of accepting entirely new keys without requiring authentication, the researcher said. Indication about this is not given by the in-car display either, he said.

A hacker only needs to be next to the Tesla vehicle during the 130-second window. If a car owner uses the phone app to unlock the car, the hacker can use a signal jammer to block the Bluetooth Low Frequency (BLE) used by Tesla’s phone-as-a-key app.

Tesla’s logic in allowing this, according to the researcher, may have to do with allowing the car owner to start the car and drive it without having to use the key card a second time.

Although one can argue that the official Tesla app doesn’t permit keys to be enrolled unless it is connected to the owner’s account, Herfurt said the vehicle can communicate with any nearby BLE device.

The researcher has reportedly developed an app named Teslakee that speaks VCSec, the language the official Tesla app uses to communicate with Tesla cars.

By Shanthi Rexaline
© 2022 The Epoch Times. The Epoch Times does not provide investment advice. All rights reserved.