Watch a Tesla get hacked to create a “whitelisted” key from several feet away, with no special gear, in under 2 minutes.
A pair of Austrian security researchers recently discovered a flaw in the baked-in security measures on the popular Model 3 and Model Y vehicles that could make stealing a Tesla easier than ever.
The flaw allows potential thieves to take advantage of the 130-second period after a vehicle is unlocked to effectively cut their own digital key, which they could then use to “come back” at a later date and rob the car, or steal it altogether. And, as upsetting as that may seem, it’s just the tip of the proverbial iceberg— because all they need to turn a regular Tesla into a hacked Tesla is an app and a smartphone.
“This staged video shows how a a new key is whitelisted by an attacker via Bluetooth using the ‘Authorization Timer’ attack,” writes Martin Herfurt, whose company identified and exploited the vulnerability for the purposes of this video (below). “This attack is using a special (evil) version of the TeslaKee app that allows the whitelisting of keys for any Tesla 3 or Y (and, maybe, 2021 and newer Model S and X Teslas) in (Bluetooth) proximity.”
You can check out the video for yourself, below, then let us know what you think of these hacked Tesla key vulnerabilities in the comments section at the bottom of the page.