Donut Media, a Los Angeles-based business with its own YouTube channel, claims to have used a $20 tool to break into a Tesla car.
Jeremiah Burton from Donut discusses in the video how he used a relay assault to “steal” a Tesla. Burton received help from Sultan Qasim Khan, the primary security researcher, and consultant for NCC Group.
NCC is an information assurance organization established in the United Kingdom that provides cybersecurity consultancy.
Burton claims that Khan discovered a brand-new relay attack that is effective against Tesla vehicles.
Khan discovered a “huge vulnerability in keyless entry technology,” specifically “phone as a key,” a tactic used by many companies, including Tesla, according to Donut’s Justin Freeman.
Khan told Freeman that he used “free software” and “off-the-shelf hardware” to build a relaying device for as little as $10. However, the total cost was $20 because of the two gadgets.
Khan claimed that his devices were 15 metres from the car, but he issued a warning that, in the absence of strict latency controls, they might open a car from the “opposite sides of the planet.”
While another team member is 50 feet inside the facility with the phone that serves as a key, Freeman is seen unlocking a Tesla outside the Donut office in the video. He could obtain entry to the Tesla car, start it, and leave in it. Instead, he’s heard yelling at Elon Musk, CEO of Tesla, “Fix it, Elon!”
The hack is said to work on a Tesla Model Y, but NCC Group previously indicated in 2021 that it might also work on any Bluetooth-enabled vehicle. Tesla vehicle owners may be forced to use a PIN, which must be entered before the vehicle may be operated.