Our cars are growing smarter with every generation, but unfortunately, so are the thieves determined to take them from us. Now a security consultant has discovered a method that would allow two thieves to unlock, start and drive away a Tesla in a matter of seconds.
Josep Pi Rodriguez from Seattle-based computer security firm IOActive found that thieves can use the Tesla’s NFC (near-field communication) key technology, which is designed to let owners access their cars by tapping an NFC card against the B-pillar to take control of the vehicle. Rodriguez realized that if one thief gets close enough to the driver once they have left the car, for example in a store or bar, while the other stands by the car, it would be possible to open the door and start the car.
Here’s how it works: the thief standing by the car uses a device to persuade the car to transmit a “challenge” to the driver’s NFC card, but then transmits the challenge itself via Wi-Fi or Bluetooth to a mobile phone belonging to the second thief shadowing the driver. Thief 2 holds that phone close to the driver’s pocket or bag where the NFC card is located, and when that NFC card responds, its signal is relayed back to the thief outside the car via the mobile phone.
The Verge reports that Tesla previously required drivers who rely on the NFC card (as opposed to a key fob) to unlock their cars to place the card between the front seats to shift it into gear. But a recent software update scrapped that requirement. Tesla also offers a PIN function that means owners have to enter a four-digit code before the car can be driven, but few owners activate it, and even if that prevented thieves from driving away in the car, they could still use the method to open it and steal any valuables located inside.
Related: Hackers Can Create Their Own Personal Key To Steal Your Tesla In 130 Seconds
Another snag for the thieves is that once they shut the car down, they can’t restart it without the owner’s NFC card, or by going through the process again, this time to add another keycard to the vehicle. But if their aim is to strip the car for parts, one trip might be enough.
Although Rodriguez studied the method on a Tesla, he believes the concept of an NFC attack would leave other automakers’ cars equally vulnerable, The Verge reports. In fact, they might be even more at risk because they don’t have the added security option of Tesla’s PIN-to-drive tech.