Tesla Inc has some of the most futuristic cars on the market. Owners don’t use traditional keys to gain access; they don’t even have that option.
An owner will normally have their phone connected via Bluetooth which will unlock the car and have it ready to drive as soon as they walk up. There is also a backup keycard that needs to physically touch the vehicle’s B pillar in case a phone is lost or out of juice.
But a security firm has found a weakness in this approach, as shared by Teslarati.
Cybersecurity firm NCC Group said Tesla’s vehicles are vulnerable to a hack that is a weakness in the Bluetooth protocol. Someone with the means can use a small relay device to mimic the owner’s phone if it’s within range of the attacker’s laptop. While the phone normally needs to be extremely close to the car to allow entry and driving, this relay attack could unlock the car even if the phone would normally be too far away.
The hack was performed on a 2021 Tesla Model Y, but will work on any vehicle relying on Bluetooth, the group said. Luckily, Tesla vehicles have one feature that can help prevent this problem. Owners can enable a PIN, which must be entered even if the key is present, Bluetooth or otherwise, for the car to drive.