Tesla: a major flaw allows you to take control of your vehicle
A group of Manchester-based security researchers had fun hacking a 2021 Tesla Model Y through a simple flaw in the Bluetooth Low Energy protocol. In just a few moments, they were able to unlock the car, start it and even drive it!
Bluetooth Low Energy (BLE) at the heart of the turmoil
With smart wireless unlocking, did you think you were finally at peace, free from the risk of losing your car keys in the sand in the summer at La Grande Motte? That was without counting on the risks inherent in the technology and the dubious ideas of certain little tricksters.
Today's find comes from England, and more precisely from Manchester, where experts from NCC Group, a company specialized in cybersecurity, were able to access a 2021 Tesla Model Y by simply redirecting communications between a phone and the car.
As a reminder, Tesla, along with thousands of other electronic devices around the world, such as scooters, house doors and more than 200 different car models, uses the Bluetooth Low Energy (BLE) data transmission protocol to unlock short-range wireless locks. And while the concept could not be more practical, it turns out to be unfortunately far from perfect.
Thousands of devices affected
In principle, devices equipped with the BLE protocol require your smartphone, or a badge, to be present at very short range (often less than one meter) before they unlock, whether it's a car lock, a house lock, a scooter, electric shutters or even the roller shutter on a shop window. In short, you get the concept.
However, as you can see in the short video provided by NCC Group, with a simple device capable of relaying communications and an accomplice, it is possible to easily bypass all BLE-type protections for less than… 100 euros.
The idea is to have a “source” person in possession of, or next to, the “master” device (smartphone, badge, key fob, etc.) and another near the device to be unlocked, in this case a 2021 Tesla Model Y. Then, by simply redirecting the information over an internet connection, the BLE signal is transmitted to the so-called “relay” person, who only has to open the door and help himself.
Our colleagues from
have tried to contact Tesla on this point, but for the moment the brand has not followed up. The best way to protect yourself from any risk is to activate multi-step authentication with, for example, the presence of an additional PIN code or even biometric authentication when available.
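A toy model of why the relay works and why the extra PIN helps, as an added example that is not from the article or from NCC Group. The HMAC challenge-response, the class names and the PIN value are assumptions made for illustration and do not describe Tesla's actual protocol.

```python
import hashlib
import hmac
import os
from typing import Optional

class PhoneKey:
    """Constructed stand-in for the phone or fob: answers any challenge it is sent."""
    def __init__(self, secret: bytes):
        self._secret = secret
    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()

class Relay:
    """Models the forwarding link: passes challenge and response through unchanged."""
    def __init__(self, remote_key: PhoneKey):
        self._remote_key = remote_key
    def respond(self, challenge: bytes) -> bytes:
        return self._remote_key.respond(challenge)

class Car:
    def __init__(self, secret: bytes, pin: Optional[str] = None):
        self._secret = secret
        self._pin = pin  # None models a proximity-only policy
    def _key_answers(self, responder) -> bool:
        challenge = os.urandom(16)  # fresh nonce, so an old response cannot be reused
        expected = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, responder.respond(challenge))
    def authorize_drive(self, responder, pin_entered: Optional[str] = None) -> bool:
        if not self._key_answers(responder):
            return False
        if self._pin is None:
            return True  # a valid response is treated as proof of proximity
        # Second factor typed at the car: the relayed key cannot supply it.
        return pin_entered is not None and hmac.compare_digest(
            self._pin.encode(), pin_entered.encode())

def run_scenarios() -> dict:
    secret = os.urandom(32)  # constructed pairing secret
    key = PhoneKey(secret)   # the legitimate key, possibly far from the car
    return {
        "proximity_only_via_relay": Car(secret).authorize_drive(Relay(key)),
        "pin_policy_via_relay": Car(secret, pin="4821").authorize_drive(Relay(key)),
        "pin_policy_owner_present": Car(secret, pin="4821").authorize_drive(key, "4821"),
        "unpaired_key": Car(secret).authorize_drive(PhoneKey(os.urandom(32))),
    }

if __name__ == "__main__":
    for name, allowed in run_scenarios().items():
        print(f"{name}: {'authorized' if allowed else 'refused'}")
```

The cryptography is never broken in this model: the genuine key produces every response, which is why a check that proves only possession of the key, and not its distance, accepts the relayed session.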