Thieves Caught on Video Stealing Tesla With Key Fob Relay Hack
If you’ve got an expensive, popular car like the Tesla Model S, you have to expect that someone might eventually want to steal it. You should take steps to prevent that, but UK-based Tesla owner Antony Kennedy did not. He did, however, have cameras pointed at the car so you can see how easy it can be to steal a modern technology-infused vehicle. Well, as long as you can figure out how to get the charging cable out. It took the thieves longer to do that than it took to gain entry to the vehicle.
What you see in the video below is a keyfob relay attack, sometimes called a Signal Amplification Relay Attack (SARA). Many vehicles with keyless entry are susceptible to this attack, but Tesla has several features in its cars that are supposed to prevent relay attacks. Unfortunately, the owner in this instance did not have those features enabled.
As the pair of car thieves approach the vehicle sitting in the driveway, you can see one of the two pull out a large device, possibly a tablet. He skulks around the perimeter of the house, most likely attempting to get a signal from the car’s key fob. Meanwhile, his partner (who did not even bother to wear a mask) stands near the car’s driver side door with a smaller device, probably a phone. The tablet apparently locked onto the keyfob, allowing it to relay the signal to the car via the phone. The doors unlocked, and the car was as good as stolen.
Before they could drive off, the thieves needed to unplug the charger from the car. Interestingly, they can carry out a complex relay attack on the car, but they’ve never unplugged a Tesla charger. The tablet-carrying thief tries first, but is unable to figure out there’s a button the disengages the cable. The other half of the dynamic criminal duo gets out of the car to try as well. Eventually, the first one figures it out, and the car drives off.
The owner could have put up more roadblocks in the way if he’d enabled Tesla’s security features. For example, a PIN to drive requires a numeric code before the car will start after unlocking via the key fob. You can also shut off keyless entry entirely, which Tesla recommends if you’re going to leave the vehicle outside overnight. The owner says the fob was not near the vehicle, but security experts recommend keeping keyless entry fobs in a metal box or a “Faraday bag” to stop anyone from hijacking the signal.
According to the owner, neither he nor Tesla can track the vehicle via its built-in GPS feature. This implies the thieves removed the car’s SIM card or used a device to block internet access. Judging by the difficulty they experienced just unplugging it, they probably handed the car off to the brains behind the operation.