Car Theft: The Persistent Threat to Tesla and Other Vehicles
Introduction
For over a decade, a car theft technique known as relay attacks has been a significant concern. Despite advancements in car security, recent research shows that even the latest models, including Tesla, remain vulnerable.
The Vulnerability of Tesla’s Keyless Entry System
Researchers from the Beijing-based automotive cybersecurity firm GoGoByte demonstrated that they could perform a relay attack on the latest Tesla Model 3. Despite its ultra-wideband keyless entry system, the car was unlocked using less than a hundred dollars worth of radio equipment. This system also controls the car’s immobilizer, meaning a hacker could start and drive the car away in seconds unless the driver has enabled Tesla’s optional PIN-to-drive feature.
“It’s a warning for the mass public: Simply having ultra-wideband enabled doesn’t mean your vehicle won’t be stolen,”
— Jun Li, GoGoByte’s founder
How Relay Attacks Work
Relay attacks deceive a car into thinking the owner’s key fob or smartphone is nearby. A hacker’s device near the car relays the signal from the owner’s real key, which could be far away. Thieves can place one device near the key and another next to the car, transmitting the signal between them.
Real-World Examples
Thieves have used this technique to steal cars from driveways by picking up the signal of a key inside a house. As GoGoByte researcher Yuqiao Yang explains, the attack could even happen in a café, with a hacker behind you in line relaying the signal to your car parked outside.
“They may be holding a relay device, and then your car may just be driven away. That’s how fast it can happen, maybe just a couple seconds.”
— Yuqiao Yang, GoGoByte researcher
Tesla’s Response and Future Fixes
In 2020, Tesla informed the US Federal Communications Commission that it would implement ultra-wideband in its keyless entry systems to prevent relay attacks. The technology measures the distance of a key fob or smartphone from the car, theoretically making it immune to such attacks.
The Need for Immediate Precautions
GoGoByte notes that Tesla can push over-the-air updates to its cars and might use this feature to fix the relay attack vulnerability. However, until such updates are released, Tesla owners should enable the PIN-to-drive feature to protect their vehicles.
“I think Tesla will be able to fix this because they have the hardware in place. But I think the public should be notified of this issue before they release the secure version.”
— Jun Li, GoGoByte’s founder
Conclusion
Until Tesla releases a secure update, it’s crucial to keep the PIN-to-drive protection enabled. This precaution is far better than extreme measures like keeping keys and smartphones in the freezer or waking up to find your car stolen and sold for parts.
6 Comments
Well, I guess Tesla’s should come with a theft warning sticker now!
What if instead we just invest in better security tech?
It’s fascinating how the relentless ingenuity of thieves never seems to stop.
Unbelievable how thieves always find a loophole!
Luna Mitchell: Who knew stealing a Tesla could be as easy as tuning into your favorite radio station?
Again? Can we ever catch a break with car thieves!