Tesla Working On Fix for Relay Attack Vulnerability

In November 2020, security researchers at the Belgian university KU Leuven discovered a security weakness in the key fob used by Tesla vehicles that allowed them to conduct a relay attack that could give them control of a Tesla Model X in less than three minutes. Tesla now says that it is working on improved security measures for both the key fob and its mobile app that will make relay attacks impossible.

Theft of Tesla vehicles have especially been an issue in Europe, where car thieves are often more highly sophisticated than those in other markets like North America. In at least two cases where a Tesla was stolen and never recovered, the thieves are believed to have removed the SIM card in the vehicle or used a GPS blocker to confuse signals that would have made it easy to track the vehicle.

The unrecovered vehicles were likely dismantled for parts, as evidenced by one case where a stolen and dismantled Model S was found in a truck attempting to get from the Netherlands to Germany.

The relay attacks are made possible by the convenience of owners being able to unlock their vehicles simply by walking up to it. The researchers in Belgian were able to use the inherent security loopholes and a laptop computer to full the Model X’s onboard computers into thinking that a fake key fob was the real thing. At the time, Tesla sent out an email with this security tip:

“You can decrease the likelihood of unauthorised entry by disabling Passive Entry when parked in public spaces or storing your key in a holder which blocks electromagnetic transmissions, such as a RFID-blocking sleeve or Faraday cage.”

According to Tesla, passive entry can be disabled by going to Controls > Settings > Doors & Locks > Passive Entry > OFF. Very few people have a Faraday cage, of course, but RFID-blocking sleeves are readily available at online retailers like Amazon and are usually highly recommended for preventing the scanning of credit card information using an RFID scanning device.

Tesla has already rolled out updates for the key fob with improved cryptography and an optional “PIN to drive” feature. According to a new filing with the FCC, the company is integrating a new single chip Impulse “Radio Ultra Wideband” (IR‐UWB), often shortened to UWB, in its key fob. According to paperwork related to the filing, which is available on Scribd, UWB can provide improved distance estimates between the key fob and the vehicle. Several mobile phone companies have already integrated UWB in their phones, making it possible for Tesla to integrate it directly into the mobile app for Tesla owners.

Tesla also plans to make the phone app the main key for the Model S and Model X in the updated design. The phone app is already the main key for the Model Y and Model 3. This is likely to make relay attacks even more difficult to pull off by bypassing the key fob as the main method to unlock a Tesla vehicle.