Both ensured that the methods used for relay attacks at that time no longer worked. However, this did not make the process really safe. Security researchers from the NCC Group have now proven that their attack method still works the same way.
A typical Tesla user parks his car in front of his house. The smartphone is somewhere inside the house. Too far from opening Tesla. However, the Bluetooth LE signal still made it to the front yard. Then the attacker put his devices there. This forwards the signal to the attacker’s smartphone, which places it right next to a Tesla.
The attack can no longer be prevented
The new software ensures that signal coding is not an issue. In addition, the signal delay was only 8 milliseconds (milliseconds) – Tesla’s precautions allow a delay of up to 30 milliseconds.
The result is that the attacker can open the door and start the Tesla even though the owner’s cell phone is 25 meters away.
According to security researchers at NCC Group, there is currently no way to fix this security hole via an update. A similar problem also occurs with many other smart door locks.
For owners of Tesla Model Y or Model 3, this means: it is better to completely deactivate the function. Alternatively, you can also specify a PIN that must be entered to start the vehicle. The attacker can then unlock the car, but not drive it too far.
However, in the medium term, Tesla will have to use a radio method other than Bluetooth LE, according to the researchers. For example, the broadband radio offered by newer iPhone models is much safer, since the distance between the device and the car can be reliably measured here. BMW, for example, is already using this technology on some models.
