Tech - News
The 20 Dollar Device That Can Break Into A Tesla
The YouTube channel Donut Media demonstrated a major Tesla vulnerability with the help of Sultan Qasim Khan, a cybersecurity researcher from the security firm NCC Group. In the video, the team puts together a seemingly simple and very inexpensive — about $20 — two-part gadget that makes it possible for one person near a Tesla to unlock and drive away the vehicle.
The relay attack device exploits Tesla’s passive keyless entry system, which utilizes a special key fob or smartphone and Bluetooth to determine when the driver (or, more specifically, the key) is nearby. Khan published a technical advisory in May 2022, explaining the vulnerability and how the team was able to unlock the EV and turn it on.
In a statement to Bloomberg, Khan said he had disclosed his findings to Tesla, which reportedly didn’t think the issue was “a significant risk,” though allegedly acknowledged that “relay attacks are a known limitation of the passive entry system.” He told Bloomberg that to fix the problem, Tesla would have to make changes to both the keyless entry system and the vehicle hardware.