The electric car giant, which has been dealing with lawsuits for a long time, continues to deal with another problem every day. As a result of the work carried out by a cyber security company called NCC Group, a remote control vulnerability was discovered in Tesla vehicles. How Does? Let’s take a look together.
Tesla is not getting out of trouble. The company, which to date routinely looks for weak spots in its security systems, has even participated in events such as Pwn2Own, which allows hackers to attempt to infiltrate some of the world’s most important companies and their best-protected systems. However, it seems that these were not enough.
Cybersecurity firm NCC Group stated in an interview that Teslas are among the vehicles most prone to be hacked due to Bluetooth locks. NCC said the tools could be opened and controlled remotely by hackers who could exploit a vulnerability in its system.
The remote control can be provided due to a flaw in the Bluetooth system in Teslas
NCC Group researcher Sultan Qasim Khan drove a Tesla using a small relay device connected to a laptop in a demonstration. The device created a great connection between Tesla and the Tesla owner’s phone.
“This proves that any product that relies on a reliable BLE connection is vulnerable to attack, even from the other side of the world,” NCC said in a statement. BLE, which stands for “Bluetooth Low Energy”, is a technology used in vehicles and Bluetooth locks that automatically unlocks when an authorized device is nearby. Although it provides convenience, its defence against attacks is not strong.
The hack that took place was done on a 2021 Tesla Model Y, but NCC Group states that any lock using BLE technology, including residential smart locks, can be unlocked in the same way. This essentially means that with the right technology in the wrong hands, a car or a house can be controlled or invaded.
The group also stated that the vulnerability in BLE locks is not ordinary and cannot be fixed with software updates. If you wish, you can read NCC Group’s statement on the subject here.