Teslas can still be stolen with a cheap radio hack despite new keyless tech

Enlarge / Tesla sold 1.2 million Model Y crossovers last year. (credit: John Paraskevas/Newsday RM via Getty Images)

For at least a decade, a car theft trick known as a “relay attack” has been the modern equivalent of hot-wiring: a cheap and relatively easy technique to steal hundreds of models of vehicles. A more recent upgrade to the radio protocol in cars' keyless entry systems known as ultra-wideband communications, rolled out to some high-end cars including the latest Tesla Model 3, has been heralded as the fix for that ubiquitous form of grand theft auto. But when one group of Chinese researchers actually checked whether it's still possible to perform relay attacks against the latest Tesla and a collection of other cars that support that next-gen radio protocol, they found that they're as stealable as ever.

In a video shared with WIRED, researchers at the Beijing-based automotive cybersecurity firm GoGoByte demonstrated that they could carry out a relay attack against the latest Tesla Model 3 despite its upgrade to an ultra-wideband keyless entry system, instantly unlocking it with less than a hundred dollars worth of radio equipment. Since the Tesla 3's keyless entry system also controls the car's immobilizer feature designed to prevent its theft, that means a radio hacker could start the car and drive it away in seconds—unless the driver has enabled Tesla's optional, off-by-default PIN-to-drive feature that requires the owner to enter a four-digit code before starting the car.