Get All Access for $5/mo

Tesla Owners Beware: Your Car Could Get Hacked With a $340 Device You Can Buy Online Researcher Josep Pi Rodriguez published a white paper in August showing how two people could trick their way into Tesla Model Y with relatively accessible technology.

By Gabrielle Bienasz

Opinions expressed by Entrepreneur contributors are their own.

WANG ZHAO / Contributor / Getty Images

Based on a recent Tesla hack, it might be time to upgrade your purse, wallet, and key protection.

In August, Josep Pi Rodriguez, an "ethical hacker" and principal security consultant at IOActive, published a whitepaper on how to hack a Model Y, as reported in The Verge.

The paper showed how two people could use a couple of devices, including a Proxmark RDV4 (which you can get online for $340, but there are significantly cheaper versions on sites like Amazon you could use, Rodriguez said) to break into a Model Y Tesla.

Rodriguez, who is based in Madrid, told Entrepreneur that this car hack is innovative compared to past hacks because using a Proxmark — something anyone could buy online and use as long as they had the coding skills to write their own firmware for it — is new, he estimated.

"This is the first working NFC relay attack against a Tesla Model Y," he said.

"This device has been never been used, at least in public, for this kind of attack," Rodriguez added.

But the hacking doesn't just have implications for Tesla owners.

It reveals new vulnerabilities — and highlights old ones — for a host of other tap-to-unlock car keys, cards, or fobs and tap-to-pay cards that use NFC, or near-field communication, says Sanjay Deo, chair of the Levan Center of Innovation Cybersecurity Advisory Council and president of 24by7 Security.

"I think everybody should understand this paper and understand the risks," Deo told Entrepreneur.

How the Model Y Tesla Hack Happened

Rodriguez's research whitepaper outlines how two people could hack into a Model Y Tesla.

For background, a Tesla fob, card key, or phone app (like many other digital car unlockers) has a conversation with the car to confirm the key placed near it is the one that is supposed to unlock the car.

Rodriguez showed how hackers could intercept that car-to-key conversation.

First, one person would take the Proxmark device, which is essentially a radio transmitter and identifier, and get close to someone's Tesla.

Then, another person goes near the owner's keycard or phone app with any NFC-enabled device (even just a smartphone). As The Verge points out, that could happen while you're outside moving around or waiting in a line for coffee or at a table for food.

The two devices, with the help of WiFi or Bluetooth, can then relay the conversation that the Tesla key would normally have with the car, to the car, to get the door to open.

In the paper, Rodriguez demonstrated it at a short distance, but he theorized it could be done over a long way.

You could be traveling, and someone could get near you with the device and unlock your car at the airport in Miami, for example, Deo said.

"[You] wouldn't even know the car is not there," he said. "It's a pretty sophisticated hack."

That is part of why this attack is concerning, even though NFC hacks had previously been a concern in the car industry, the paper notes.

"This is becoming a unique NFC attack, and that is why it's getting so much attention," Deo said. "If you could do it on Tesla, you could do it on other cars that have this NFC protocol."

When it comes to driving the car, Rodriguez told The Verge that hackers would have to go through the process a second time to make another key to start the car again (or just sell the car's parts).

How to protect yourself

Having your cards scanned in public has long been a risk, Deo said (though it's not as cost-effective or easy as just stealing them online). Rodriguez had recommendations for how Tesla could fix the issue. For the general consumer, it could come down to one major thing: RFID blocking material, Deo advised.

This lining would block scanners of various types from scanning your Tesla key or regular credit cards. Consumers could also protect the car from being driven off, at least, by enabling PIN-to-drive on their Teslas, Rodriguez said. (Though many cars do not have this option, he told The Verge).

You can also get RFID blocking phone cases, he added.

Tesla did not immediately respond to Entrepreneur's request for comment.

Rodriguez disclosed the vulnerability to the company and said Tesla said the PIN feature would fix it. He told The Verge that he thought Tesla "downplayed" the risk, the outlet wrote.

"This feature is optional, and Tesla owners who are not aware of these issues may not be using it," Rodriguez wrote in the paper.

Gabrielle Bienasz is a staff writer at Entrepreneur. She previously worked at Insider and Inc. Magazine. 

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Business Process

Never Reveal These 3 Things If You Want to Sell Your Business Successfully, Startup Attorney Warns

Mergers and acquisitions are complex and a majority of them fail. Here's what a successful M&A deal looks like; some of the reasons that deals fall apart; why founders should be careful when speaking to potential buyers; and why they should be careful about sharing information before the deal goes through.

Side Hustle

This Mom Started a Side Hustle on Facebook — Now It Averages $14,000 a Month and She Can 'Work From a Resort in the Maldives'

Heather Freeman was searching for a way to make some extra cash — and her cousin gave her a great idea.

Side Hustle

This 26-Year-Old's Side Hustle That 'Anybody Can Do' Grew to Earn $170,000 a Month. Here's What Happened When I Tested It.

Stephen Alvarez was working at a dental supply company and following his passion for cars on the side — then an Instagram ad changed everything.

Starting a Business

He Turned His High School Science Fair Project Into a Product That Solves a $390 Billion Problem: 'This Has Not Been Done Before'

Vasya Tremsin was just 18 years old when he came up with the idea for outdoor fire sensor company Torch Sensors.

Business News

Why Does Taylor Swift Keep Stopping Her Shows Mid-Song? It's Actually a Great Lesson in Leadership.

Taylor Swift has paused nearly half of her shows while on the European leg of her Eras tour, and the reason is something leaders can learn from.

Side Hustle

This 27-Year-Old Started a Side Hustle on Facebook Marketplace — Now the Gig Earns Over $500,000 a Month

Valentina Zapata wanted "something positive to do on the side" — and it turned into a major money-maker.