Tesla recently emailed Model S, Model X, and Model 3 owners advising them to protect their vehicles from thieves who exploit the cars’ passive entry feature, according to Electrek.
As is the case with vehicles from other brands that allow entry without touching a key or pushing a button on a remote, Tesla’s system is vulnerable to thieves who use relay attacks.
A passive entry system is a convenience feature that allows anyone with an associated programmable key, key fob, or key card to enter and start a vehicle. As long as the key fob is in close enough proximity to the vehicle, usually within a few feet, you can leave it in your pocket, purse, or bag, enter the car, and, with many brands, push a button inside the vehicle to start the engine and drive. Usually, the key has to be actually in the car to drive it away, even in vehicles with remote start capability.
In a relay attack, a car thief uses a device that captures the weak wireless signal from a nearby digital key. The device, sometimes called a “relay box,” boosts the strength of the captured signal and sends it — relays it — to another device close to the target vehicle, enabling the thief to enter the vehicle. If all the thief wants to do is steal the contents of the vehicle, that could be the end of it. If the thief wants to take the car, they need an additional method of starting it, such as reprogramming the car via the vehicle diagnostic port or using the captured signal with another device to create a duplicate digital key.
To steal a Tesla, thieves would also have to find a way to disable or block the car’s GPS signal. Otherwise, owners could track the vehicle with a mobile app and inform the police, which has happened often.
In the email to owners, Tesla focused on preventing vehicle entry: “You can decrease the likelihood of unauthorized entry by disabling Passive Entry when parked in public spaces or storing your key in a holder which blocks electromagnetic transmissions, such as an RFID-blocking sleeve or Faraday cage.”