The car was stolen in Essex using a relay technique
During the early hours of last Sunday morning, two masked cybercriminals began to maraud around a Tesla Model S on a sidewalk in Essex, England.
Digital forensics expert Antony Kennedy was about to suffer the theft of his Tesla Model S, with an approximate value of €92.6k. The thieves hardly took a few moments to break the security of the keyless vehicle.
By checking the theft recording of Kennedy’s house security system, it seems that the two criminals used a “relay attack”, in which the signal of a smart key fob (in this case, out of reach of the car inside Kennedy’s house) is replicated to a location near the car.
Since the Tesla Model S, like other luxury cars, can be automatically unlocked only by detecting that someone near it is wearing an authorized key fob, the car can be stolen in seconds.
These “passive entry” systems can be very convenient, plus they are very flashy and luxurious, but if a thief manages to replicate the signal from your key fob and is able to get in and take your vehicle away, you may want to reconsider the convenience of using a system of such characteristics.
According to experts in digital forensics, a Tesla car comes with a GPS signal that could be traced by the police using an application to recover the vehicle. It may work, but only if criminals fail to block the GPS signal.
It may be too late for Antony Kennedy, but specialists in digital forensics provide a series of measures to protect cars with keyless entry and ignition system:
- Enable the PIN entry function to turn on the car
- When not using your key fob, keep it inside a cover with RFID lock to disable unauthorized electromagnetic signal transmissions
- Do not keep passive input enabled
Kennedy tried to contact via Twitter with Elon Musk, Tesla’s owner, to question him about how easy it is to violate the security systems of his company’s cars.
“My Tesla was stolen this morning using only a tablet and a phone to extend the range of my key fob. I understand I should have enabled an access PIN. Still, I wish it would have been harder for thieves to access my car”, mentions Kennedy’s tweet.
Elon Musk has not responded yet.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.