Bluetooth hack breaks into cars and smart locks 

Devices from deadbolts to car doors could be affected.

UK cybersecurity research firm NCC Group has revealed a weakness in Bluetooth Low Energy technology that potentially leaves millions of locks vulnerable — including those on your Tesla or home.

NCC Group senior security consultant Sultan Qasim Khan detailed the attack method.

“Many products implement Bluetooth Low Energy (BLE) based proximity authentication, where the product unlocks or remains unlocked when a trusted BLE device is determined to be nearby,” Khan wrote in a research report.


Common examples of BLE products include phone-as-a-key systems on cars, residential smart locks, and smartphones. In a demo for Reuters, Khan opened and then drove a 2021 Tesla Model Y.

Khan hacked the BLE identification of the Tesla Phone-as-a-Key entry system and Kwikset/Weiser residential smart locks using what is known as a “relay attack,” which uses two hardware devices — one near the recognized BLE device, the other near the lock it controls — to trick the lock into thinking its owner is nearby.

By placing one relay device within 15 yards of a Tesla owner’s phone or fob, and another in his laptop near the car, Khan was able to “relay” the BLE identification from the owner’s device to his own, hijacking the ride in an example for Bloomberg News.

While NCC told Bloomberg that Tesla acknowledged that relay attacks can be an issue, fixing the problem would require changes to both its hardware and keyless entry system. Kwikset told Bloomberg that customers can use two-factor identification and that the locks have a 30-second timeout when devices are stationary to help prevent intruders from getting in.


“The Bluetooth Special Interest Group (SIG) prioritizes security and the specifications include a collection of features that provide product developers the tools they need to secure communications between Bluetooth devices,” the company told Bloomberg in a statement. 

“The SIG also provides educational resources to the developer community to help them implement the appropriate level of security within their Bluetooth products, as well as a vulnerability response program that works with the security research community to address vulnerabilities identified within Bluetooth specifications in a responsible manner.”

Khan also recommended in his general report on BLE’s susceptibility to relay attacks that users be required to prove proximity — e.g., by interacting with the trusted BLE device, such as unlocking the phone or opening the app.
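The two mitigations mentioned above, a stationary-device timeout and a required user interaction, can be sketched as an unlock policy and compared with a proximity-only check. This is an added example, not code from NCC Group, Tesla or Kwikset; the field names, the RSSI threshold, the 10-second interaction window and the reading of the 30-second timeout as "deny when the phone has not moved for 30 seconds" are assumptions, as is the premise that the phone reports its motion and interaction state inside the authenticated channel.

```python
from dataclasses import dataclass

RSSI_NEAR_DBM = -60          # assumed "nearby" signal threshold
STATIONARY_TIMEOUT_S = 30    # figure from the article; semantics assumed
INTERACTION_WINDOW_S = 10    # assumed freshness window for user interaction

@dataclass
class UnlockRequest:
    label: str
    link_authenticated: bool    # BLE link encryption/authentication succeeded
    rssi_dbm: int               # signal strength measured at the lock
    s_since_motion: float       # phone-reported, inside the authenticated channel
    s_since_interaction: float  # phone-reported: last phone unlock or app open

def proximity_only(req):
    """Baseline: trust a valid link plus a strong signal."""
    return req.link_authenticated and req.rssi_dbm >= RSSI_NEAR_DBM

def hardened(req):
    """Baseline plus the two extra checks; returns (allowed, reason)."""
    if not proximity_only(req):
        return False, "not in range"
    if req.s_since_motion > STATIONARY_TIMEOUT_S:
        return False, "phone stationary"
    if req.s_since_interaction > INTERACTION_WINDOW_S:
        return False, "no recent user interaction"
    return True, "ok"

# Constructed sample requests (not captured traffic).
SAMPLES = [
    UnlockRequest("owner at door, app just opened", True, -48, 1.0, 2.0),
    # A relay forwards the genuine phone's traffic, so the link still
    # authenticates and the lock measures the nearby relay's strong signal.
    UnlockRequest("relayed, phone idle on a table", True, -45, 3600.0, 5400.0),
    UnlockRequest("owner at door, phone untouched in pocket", True, -52, 1.0, 900.0),
]

def evaluate(samples=SAMPLES):
    """Return (label, proximity_only result, hardened result, reason) per request."""
    return [(r.label, proximity_only(r), *hardened(r)) for r in samples]

if __name__ == "__main__":
    for row in evaluate():
        print(row)
```

The third sample shows the usability cost of the interaction requirement: a legitimate owner who has not touched the phone is also refused until they unlock it or open the app.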
