Relay attack can unlock & start Tesla Model Y in a jiffy, finds researcher
San Francisco: A cyber security researcher has discovered a sophisticated relay attack that can allow someone with physical access to a Tesla Model Y to unlock and steal it in a jiffy.
Tesla claims that this security issue is mitigated with the “PIN to Drive” feature, which would still allow attackers to open and access the car, but would not allow them to drive it.
Josep Pi Rodriguez, principal security consultant for independent computer security services firm IOActive, said that this feature is optional, and Tesla owners who are not aware of these issues may not be using it.
IOActive contacted Tesla about this issue in the Model Y and believes that Tesla is well aware of this issue in other models.
“However, we have made several attempts to contact them and let them know that the same issue exists in the Model Y, with no response,” said Rodriguez in a paper.
According to the researcher, attackers can steal a Tesla Model Y as long as they can position themselves within about two inches of the owner’s NFC card or mobile phone with a Tesla virtual key on it, reports The Verge.
“There are several ways Tesla could fix or mitigate this issue, although they may require hardware changes,” Rodriguez added.
Earlier this year, another researcher found a way to start a Tesla car with an unauthorised virtual key.
In 2020, a group of Belgian cyber security researchers discovered major security flaws in the keyless entry system of the Tesla Model X, demonstrating how the battery-powered Tesla Model X priced at over $100,000 can be stolen in a few minutes.