Skip links

Pentester pops open Tesla Model 3 using low-cost Bluetooth module

Tesla Model 3 and Y owners, beware: the passive entry feature on your vehicle could potentially be fooled by a new form of relay attack.

Discovered and tested by researchers at NCC Group, the attack allows anyone with a tool similar to NCC’s to relay the Bluetooth Low Energy (BLE) signal from a smartphone that has been paired with a Tesla back to the vehicle. Far from simply unlocking the door, the hack lets the attacker start the car and drive away too.

In its testing, NCC Group said it was able to perform a relay attack that allowed researchers to open a Tesla Model 3 from a home in which the vehicle’s paired device was located (on the other side of the house), approximately 25 meters away.

Using phone-side and vehicle-side relaying devices made from $50 Bluetooth development modules, the team said it managed to gain full access to the Tesla when the vehicle-side relay was brought within 3 meters. 

While NCC only tested the attack on a Tesla Model 3, Sultan Khan, senior security researcher at NCC and the author of the advisory, said the technology used in the Tesla app is the same when connecting to a Model 3 or Y. Khan also theorized that Model 3 and Y key fobs were also likely affected, though those weren’t tested either.

The advisory added:

A problem of keys

Tesla hasn’t had a good history when it comes to security researchers finding ways to unlock its cars. In 2014, a group of Chinese university students managed an on a attack Model S that allowed them to open doors, sound the horn and more while the vehicle was in motion, and a second Chinese group did much the same in 2016. That same year, the Tesla app was exploited to allow attackers to track, locate, unlock and start vehicles. Two years later, Belgian researchers managed to clone Tesla keyfobs, giving them full control of the affected vehicle.

A problem of Bluetooth

At the same time NCC Group released its Tesla BLE relay hack advisory, it published a second advisory authored by Khan. In that advisory, he explains how NCC’s novel method to hijack a Tesla works on anything relying on BLE to confirm the presence of an authorized user.

In the advisory, Khan states that BLE proximity relay attacks have been known about for years. Fortunately for fans of the protocol, existing relay attacks introduce too much latency. “Products commonly attempt to prevent relay attacks by imposing strict Generic Attribute Protocols (GATT) response time limits and/or using link layer encryption,” Khan said. 

The new tool developed by NCC Group operates at the link layer, which Khan said reduces latency down to acceptable GATT ranges. By doing so, it’s able to circumvent latency bounding and link layer encryption, Khan said. 

It’s worth noting that the Bluetooth Core Specification makes no claims that BLE proximity signals are secure. In Proximity Profile specification updates from 2015, the Bluetooth Special Interest Group (SIG) stated that “The Proximity Profile should not be used as the only protection of valuable assets,” and additionally that “There is currently no known way to protect against such attacks using Bluetooth technology.”

Car owners should disable passive entry

Khan said that the Tesla Product Security team was notified in April of the flaw. Their response was that it was a known limitation of the passive entry system. 

Tesla owners concerned about a relay attack should use the PIN to Drive feature in their Tesla, as well as disabling passive entry:

Khan also said adding checks like having the app report the device’s last known location and time-of-flight ranging could protect owners, but that’s on Tesla to fix, and Khan told Bloomberg that the company said it has no plans to do so.

Because this attack potentially affects so many devices used to secure so many things, it’s a serious issue. Khan said that Bluetooth SIG was notified of the flaw and it told him “more accurate ranging mechanisms are under development.”

We’ve asked the Bluetooth SIG to tell us more about those mechanisms and their availability, but have yet to hear back. ®