May 18, 2022 – A security researcher successfully exploited a vulnerability that allowed them to not only unlock a Tesla but also drive away without ever having to touch one of the car’s keys.
Rather than utilize a traditional vehicle key fob, this particular attack focuses on the victim’s cell phone, or Tesla’s BLE-enabled key fobs, that use that same communication technology as the phone.
By utilizing a relay device attached to a laptop, the attacker can wirelessly bridge a gap between the car and the victim’s phone, tricking the vehicle into thinking that the phone is within range of the vehicle when it could be hundreds of feet (or even miles) away. Once the unsuspecting owner is in range of the relay, it only takes seconds—10 seconds to drive off with the car.
