Teslas can still be stolen with a cheap radio trick despite new keyless technology

Enlarge / Tesla sold 1.2 million Model Y crossovers last year.

John Paraskevas/Newsday RM via Getty Images

For at least a decade, a car theft trick known as a “relay attack” has been the modern equivalent of hot wiring: a cheap and relatively easy technique for stealing hundreds of vehicle models. A more recent upgrade to the radio protocol in car keyless entry systems, known as ultra-wideband communications, implemented in some high-end cars, including the latest Tesla Model 3, has been heralded as the solution to that. ubiquitous form of car theft. . But when a group of Chinese researchers checked to see if it’s still possible to carry out relay attacks against the latest Tesla and a collection of other cars that support that next-generation radio protocol, they found that they are as stealable as ever.

In a video shared with WIRED, researchers at Beijing-based automotive cybersecurity firm GoGoByte demonstrated that they were able to carry out a relay attack against the latest Tesla Model 3 despite its upgrade to a keyless entry system. ultra-broadband, unlocking it instantly with less than a hundred dollars worth of radio equipment. Since the Tesla 3’s keyless entry system also controls the car’s immobilizer feature designed to prevent theft, that means a radio hacker could start the car and drive away in seconds, unless the driver has enabled the PIN. optional from Tesla, disabled by default. Driving feature that requires the owner to enter a four-digit code before starting the car.

Jun Li, founder of GoGoByte and longtime car hacking researcher, says his team’s success on the latest Model 3’s keyless entry system means Tesla owners should turn on that PIN protection despite any rumors that Tesla’s radio upgrade would protect your vehicle. “It’s a warning to the general public: Just because you have ultra-wideband enabled doesn’t mean your vehicle won’t be stolen,” Li says. “Using relay attacks is still like old times for thieves.”

Relay attacks work by tricking a car into detecting that the owner’s key fob (or, in the case of many Tesla owners, their smartphone with an unlocking app installed) is near the car and therefore should be unlocked. Instead, a hacker’s device near the car has, in fact, transmitted the signal from the owner’s actual key, which could be dozens or hundreds of feet away. Thieves can cross that distance by placing one radio device near the actual key and another next to the target car, transmitting the signal from one device to the other.

Thieves have used the relay technique to, for example, capture the signal from a car key inside a house where the owner sleeps and transmit it to a car in the driveway. Or, as GoGoByte researcher Yuqiao Yang describes, the trick could even be performed by the person behind you in line at a coffee shop where your car is parked outside. “They may be holding a relay device, and then their car may just drive away,” Yang says. “That’s how quickly it can happen, maybe just a couple of seconds.” Hacks have become so common that some car owners have decided to store their keys in Faraday bags that block radio signals, or in the freezer.

Leave a Comment