Tesla Gone in Under 130 Seconds

Tesla Gone in Under 130 Seconds

It seems that 2 minutes is all it takes for a Tesla to be hacked, allowing the hackers to generate a "whitelisted" key from many feet away without any specialized equipment.

A pair of Aussie security experts recently identified a weakness in the security safeguards built into the popular Tesla Model 3 and Model Y electric vehicles, which might make stealing a Tesla now much simpler than ever. With the multiple recent price hikes, I can imagine Tesla's becoming more of an attractive item for would-be criminals.

The weakness allows potential criminals to utilize the 130-second interval after a vehicle is opened to basically cut their own digital key, which they could (in theory) then use to "come back" and ransack the car or steal it entirely at a later date. And, as disturbing as that may seem, it's only the tip of the proverbial iceberg, because all they need is an app and a smartphone to transform an ordinary Tesla into a cracked Tesla.

"This staged video illustrates how an attacker uses the 'Authorization Timer' attack to whitelist a new key through Bluetooth," says Martin Herfurt, whose white hat security business found and exploited the vulnerability for the sake of a demonstration and lets face it, Youtube views. "This attack employs a customized (bad) version of the TeslaKee software, which enables the whitelisting of keys for any Tesla 3 or Y (and perhaps 2021 and newer Model S and X Teslas) in (Bluetooth) vicinity."

You can watch the video below and then tell me what you think about this new Tesla key weaknesses/exploit in the comments area at the bottom of the page.

Back to blog

Leave a comment

Please note, comments need to be approved before they are published.