Much like the rest of our devices, electric cars
are attempting to create a more seamless user experience through integrated, cloud-based technology. Using keyless entry
on a Tesla, for example, sure is convenient, but cybersecurity experts have had concerns about this feature in particular since its inception. Technically any vehicular feature that connects to an internet network is susceptible to hacking, but for a hacker to be able to access keyless entry is a devastating security risk.
The latest exploit in electric cars
According to Bloomberg
, Sultan Qasim Khan recently discovered what he had suspected all along—that an effective hack on Tesla Model 3 and Model Y cars would allow a thief to not only unlock and enter a vehicle but to start it and drive away. Khan is a principal security consultant at the Manchester, UK-based firm NCC Group. Khan stated that the hack, which redirects communications between the car owner’s mobile device, key fob, and the car, would allow hackers to trick the car into thinking the owner was nearby.
It is not only Tesla vehicles that are susceptible either, but any vehicle that uses Bluetooth Low Energy (BLE) protocol could theoretically be at risk.
Should Tesla owners be concerned about hackers?
Khan presented his findings to Tesla, but company officials didn’t seem too concerned. This isn’t the first time this potential risk has been reported to Tesla
, either. Just earlier this year, a 19-year-old cybersecurity researcher David Colombo managed to gain access to dozens of Teslas across the world. In this experiment, Colombo claimed that he was able to remotely run commands through a security flaw in an open-source logging tool called TeslaMate
Colombo also immediately alerted Tesla’s security team about the flaw, and they quickly rolled out a patch to address the issue. Khan’s findings, however, pose a more complex issue with a more difficult solution.
Convenience over security
BLE protocol is great for conveniently linking devices together over an internet connection, but according to Khan, it remains one of the biggest security risks that electric carmakers have overlooked.
NCC group claimed that it was able to successfully hack other carmakers' and technology companies’ devices through this methodology.
Khan even demonstrated a potential attack for Bloomberg, with technology and equipment that can be easily accessed online and doesn’t cost more than a few hundred dollars at most. Within seconds, Khan was able to remotely unlock the car
A 2019 study by a British consumer group had similar findings, concluding that more than 200 car models were susceptible to keyless theft.
It seems unlikely that automakers will move away from using keyless or Bluetooth technology, but a representative at Bluetooth SIG told Bloomberg that security was at the forefront of its mission.
“The Bluetooth Special Interest Group (SIG) prioritizes security and the specifications include a collection of features that provide product developers the tools they need to secure communications between Bluetooth devices,” said the representative.