A new study reveals that Tesla’s keyless entry system in its latest Model 3 remains vulnerable to relay attacks despite its upgrade to ultra-wideband (UWB) radio which had been touted as a solution to relay attacks.
A relay attack tricks a car into unlocking by relaying signals from an owner’s key fob or smartphone, often from a distance. This technique has been used to steal numerous car models for years as it tricks cars entry systems to respond as if the real owner was nearby.
Relay Attacks Remain a Concern for Ultra-Wideband Keyless Systems
For over a decade, car thieves have used relay attacks to steal vehicles with keyless entry systems. This technique, which requires minimal equipment, has remained a significant threat despite advancements in car security technology.
The ultra-wideband technology was touted by some as a supposed fix and possible end to these relay attacks, with a pending patent filed by Ford Global Technologies LLC (an R&D subsidiary of Ford Motor) describing it as ‘most advanced known solution to relay attacks’.
However, recent research from cybersecurity firm GoGoByte reveals that some of the latest high-end cars such as the Tesla Model 3 incorporating the ultra-wideband technology, remain vulnerable.The researchers, demonstrated a successful relay attack against the latest Tesla Model 3 despite its UWB upgrade, using less than $100 worth of radio equipment to unlock the car instantly.
This vulnerability is particularly concerning as the keyless entry system also controls the car immobilizer that prevents engines from starting until the right key is recognized, potentially allowing an attacker to drive away with the car when successfully compromised.
PIN-to-Drive Feature Advised as Critical Safeguard
In 2021, documents supposedly originating from a Tesla filing to the US Federal Communications Commission, detailed the implementation of the ultra-wideband technology and described it as immune to relay attacks.
However, the founder of the cybersecurity firm emphasized the importance of enabling Tesla’s optional PIN-to-drive feature. When enabled, this option requires a four-digit security code to be entered before starting the car, serving as a crucial defense against relay attacks.
According to the Wired report, Tesla responded to an email of the researcher’s findings by acknowledging the issue but stated that the behavior was as expected and the ultra-wideband technology was not intended to stop relay attacks or intended to prevent car theft.
The automotive company stated that it was working on improving the reliability of the technology and that ranging enforcements would be implemented when reliability upgrades were completed.
The researchers noted that at least two other carmakers implementing the technology in their cars, also faced the same vulnerability. Noting the ability of Tesla to push over-the-air(OTA) updates to to its cars, the researchers stated that a future update could possibly contain a fix to deal with relay attacks. However, the researchers expressed their belief that the public should be aware of this issue while realizing they were far from immune until then.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
