Business This Hacker Revealed a New Way to Steal a...

This Hacker Revealed a New Way to Steal a Model Y Tesla


- Advertisment -

Based on a recent Tesla hack, it may be time to upgrade your wallet, wallet, and key guard.

WANG ZHAO / Contributor / Getty Images

In August, Josep Pi Rodriguez, an “ethical hacker” and chief security consultant at IOActive, published a whitepaper on hacking a Model Yas reported in The edge.

The paper showed how two people could use a number of devices, including a Proxmark RDV4 (which you can get online for $340, but there are significantly cheaper versions on sites like Amazon that you could use, Rodriguez said) to break into a Model Y Tesla.

Rodriguez, who is based in Madrid, said: that this car hack is innovative compared to previous hacks, because using a Proxmark — something anyone can buy and use online as long as they have the coding skills to write their own firmware for it — is new, he estimated.

“This is the first working NFC relay attack on a Tesla Model Y,” he said.

“This device has never been used, at least not in public, for this type of attack,” added Rodriguez.

But the hacking doesn’t just affect Tesla owners.

It reveals new vulnerabilities — and highlights old ones — to numerous other tap-to-unlock car keys, cards, or fobs, and tap-to-pay cards that use NFC, or near-field communications, said Sanjay Deo, president of the Levan Center of Innovation Cybersecurity Advisory Council and chairman of 24by7 Security.

“I think everyone should understand this document and understand the risks,” Deo told

How the Model Y Tesla Hack Happened

Rodriguez’s research whitepaper outlines how two people hacked into a Model Y Tesla.

For the background, a Tesla key fob, card key, or phone app (like many other digital car unlockers) has a conversation with the car to confirm that the key placed next to it is the one that should unlock the car.

Rodriguez showed how hackers could intercept that car-to-key conversation.

First, one person would take the Proxmark device, which is essentially a radio transmitter and identifier, and get close to someone’s Tesla.

Then another person approaches the owner’s keycard or phone app with an NFC device (even just a smartphone). As The Verge points out, that can happen while you’re walking around outside or waiting in a line for coffee or at a table for food.

The two devices can then relay the conversation that the Tesla key normally has with the car to the car, using Wi-Fi or Bluetooth, to open the door.

In the paper, Rodriguez demonstrated it over a short distance, but he theorized that it could be done over a long way.

You could be traveling and someone could come near you with the device and unlock your car at the airport in Miami, for example, Deo said.

“[You] wouldn’t even know the car isn’t there,” he said. “It’s a pretty advanced hack.”

That’s part of why this attack is worrisome, though NFC hacks have previously been a concern in the auto industry, the paper notes.

“This is going to be a unique NFC attack and that’s why it’s getting so much attention,” Deo said. “If you could do it on Tesla, you could do it on other cars that have this NFC protocol.”

When it comes to driving the car, Rodriguez told The Verge that hackers would have to go through the process a second time to create another key to restart the car (or just sell the car’s parts).

How to protect yourself?

Getting your cards scanned in public has long been a risk, Deo said (although it’s not that expensive-effective or easy like they just steal online). Rodriguez had recommendations for how Tesla could solve the problem. For the general consumer, it could come down to one important thing: RFID blocking material, Deo advised.

This liner would block different types of scanners from scanning your Tesla key or regular credit cards. Consumers can also protect the car from driving off, at least by enabling PIN-to-drive on their Teslas, Rodriguez said. (Although many cars don’t have this option, he told The Verge).

You can also get RFID-blocking phone cases, he added.

Tesla did not immediately respond to entrepreneurs request for comment.

Rodriguez disclosed the vulnerability to the company, saying Tesla said the PIN feature would fix the problem. He told The Verge that he thought Tesla was “downplaying the risk,” the outlet wrote.

“This feature is optional and Tesla owners who are not aware of these issues may not use it,” Rodriguez wrote in the paper.

Shreya Christina
Shreya has been with for 3 years, writing copy for client websites, blog posts, EDMs and other mediums to engage readers and encourage action. By collaborating with clients, our SEO manager and the wider team, Shreya seeks to understand an audience before creating memorable, persuasive copy.


Please enter your comment!
Please enter your name here

Latest news

How rich is Albert DePrisco? Net worth, wife Lisa Niemi, Wiki

Introduction Not all people born to wealthy families are instantly famous. Some of them gain fame by marrying someone...

The rise of the virtual restaurant franchise

No one can deny that the global pandemic has had a profound impact on consumer habits and has changed...

Intel CTO wants developers to build once, run on any GPU

More than two decades ago, the Java programming language, originally developed by Sun Microsystems, offered developers the promise of...

FedEx will bring better news in 2023

One Look at FedEx Corporation's (NYSE: FDX) chart shows it's been a tough year. With the shipping and...
- Advertisement -

This is why you couldn’t see anything on House of the Dragon

have things dark On House of the Dragon last night when characters stole dragons and other characters made super...

GIC backs Indian EV startup Euler Motors with $60 million funding •

Euler Motors, an Indian startup that designs and builds electric commercial vehicles, has raised $60 million in a new...

Must read

- Advertisement -

You might also likeRELATED
Recommended to you