Tesla customers might love the carmakers’ nifty keyless entry system, but one cybersecurity researcher has demonstrated how the same technology could allow thieves to drive off with certain models of the electric vehicles.
A hack effective on the Tesla Model 3 and Y cars would allow a thief to unlock a vehicle, start it and speed away, according to Sultan Qasim Khan, principal security consultant at the Manchester, UK-based security firm NCC Group. By redirecting communications between a car owner’s mobile phone, or key fob, and the car, outsiders can fool the entry system into thinking the owner is located physically near the vehicle.
The hack, Mr Khan said, isn’t specific to Tesla, though he demonstrated the technique to Bloomberg News on one of its car models. Rather, it’s the result of his tinkering with Tesla’s keyless entry system, which relies on what’s known as a Bluetooth Low Energy protocol.
There’s no evidence that thieves have used the hack to improperly access Tesla vehicles. The carmaker did not respond to a request for comment. NCC provided details of its findings to its clients in a note on Sunday, an official there said.
Mr Khan said he had disclosed the potential for attack to Tesla and that company officials did not deem the issue a significant risk. To fix it, the carmaker would need to alter its hardware and change its keyless entry system, Mr Khan said. The revelation comes after another security researcher, David Colombo, revealed a way of hijacking some functions on Tesla vehicles, such as opening and closing doors and controlling music volume.
BLE protocol was designed to conveniently link devices together over the internet, though it’s also emerged as method that hackers exploit to unlock smart technologies including house locks, cars, phones and laptops, Mr Khan said. NCC Group said it was able to conduct the attack on several other carmakers and technology companies’ devices.
Kwikset Kevo smart locks that use keyless systems with iPhone or Android phones are affected by the same issue, Mr Khan said. Kwikset said that customers who use an iPhone to access the lock can switch on two-factor authentication in lock app. An official also added that the iPhone-operated locks have a 30-second timeout, helping protect against intrusion.
Kwikset will be updating its Android app in “summer,” the company said.
“The security of Kwikset’s products is of utmost importance and we partner with well-known security companies to evaluate our products and continue to work with them to ensure we are delivering the highest security possible for our consumers,” an official said.
A representative at Bluetooth SIG, the collective of companies that manages the technology said: “The Bluetooth Special Interest Group prioritises security and the specifications include a collection of features that provide product developers the tools they need to secure communications between Bluetooth devices.
“The SIG also provides educational resources to the developer community to help them implement the appropriate level of security within their Bluetooth products, as well as a vulnerability response program that works with the security research community to address vulnerabilities identified within Bluetooth specifications in a responsible manner.”
Mr Khan has identified numerous vulnerabilities in NCC Group client products and is also the creator of Sniffle, the first open-source Bluetooth 5 sniffer. Sniffers can be used to track Bluetooth signals, helping identify devices. They are often used by government agencies that manage roadways to anonymously monitor drivers passing through urban areas.
A 2019 study by a British consumer group, Which, found that more than 200 car models were susceptible to keyless theft, using similar but slightly different attack methods such as spoofing wireless or radio signals.
In a demonstration to Bloomberg News, Mr Khan conducted a so-called relay attack, in which a hacker uses two small hardware devices that forward communications. To unlock the car, he placed one relay device within roughly 15 metres of the Tesla owner’s smartphone or key fob and a second, plugged into his laptop, near to the car.
The technology utilised custom computer code that Mr Khan had designed for Bluetooth development kits, which are sold online for less than $50.
The hardware needed, in addition to Mr Khan’s custom software, costs roughly $100 altogether and can be easily bought online. Once the relays are set up, the hack takes just “10 seconds,” Mr Khan said.
“An attacker could walk up to any home at night — if the owner’s phone is at home — with a Bluetooth passive entry car parked outside and use this attack to unlock and start the car,” he said.
“Once the device is in place near the fob or phone, the attacker can send commands from anywhere in the world.”
The five pillars of Islam
1. Fasting
2. Prayer
3. Hajj
4. Shahada
5. Zakat
Electric scooters: some rules to remember
- Riders must be 14-years-old or over
- Wear a protective helmet
- Park the electric scooter in designated parking lots (if any)
- Do not leave electric scooter in locations that obstruct traffic or pedestrians
- Solo riders only, no passengers allowed
- Do not drive outside designated lanes
Timeline
2012-2015
The company offers payments/bribes to win key contracts in the Middle East
May 2017
The UK SFO officially opens investigation into Petrofac’s use of agents, corruption, and potential bribery to secure contracts
September 2021
Petrofac pleads guilty to seven counts of failing to prevent bribery under the UK Bribery Act
October 2021
Court fines Petrofac £77 million for bribery. Former executive receives a two-year suspended sentence
December 2024
Petrofac enters into comprehensive restructuring to strengthen the financial position of the group
May 2025
The High Court of England and Wales approves the company’s restructuring plan
July 2025
The Court of Appeal issues a judgment challenging parts of the restructuring plan
August 2025
Petrofac issues a business update to execute the restructuring and confirms it will appeal the Court of Appeal decision
October 2025
Petrofac loses a major TenneT offshore wind contract worth €13 billion. Holding company files for administration in the UK. Petrofac delisted from the London Stock Exchange
November 2025
180 Petrofac employees laid off in the UAE
Living in...
This article is part of a guide on where to live in the UAE. Our reporters will profile some of the country’s most desirable districts, provide an estimate of rental prices and introduce you to some of the residents who call each area home.
GULF MEN'S LEAGUE
Pool A Dubai Hurricanes, Bahrain, Dubai Exiles, Dubai Tigers 2
Pool B Abu Dhabi Harlequins, Jebel Ali Dragons, Dubai Knights Eagles, Dubai Tigers
Opening fixtures
Thursday, December 5
6.40pm, Pitch 8, Abu Dhabi Harlequins v Dubai Knights Eagles
7pm, Pitch 2, Jebel Ali Dragons v Dubai Tigers
7pm, Pitch 4, Dubai Hurricanes v Dubai Exiles
7pm, Pitch 5, Bahrain v Dubai Eagles 2
Recent winners
2018 Dubai Hurricanes
2017 Dubai Exiles
2016 Abu Dhabi Harlequins
2015 Abu Dhabi Harlequins
2014 Abu Dhabi Harlequins
GIANT REVIEW
Starring: Amir El-Masry, Pierce Brosnan
Director: Athale
Rating: 4/5
JOKE'S%20ON%20YOU
%3Cp%3EGoogle%20wasn't%20new%20to%20busting%20out%20April%20Fool's%20jokes%3A%20before%20the%20Gmail%20%22prank%22%2C%20it%20tricked%20users%20with%20%3Ca%20href%3D%22https%3A%2F%2Farchive.google%2Fmentalplex%2F%22%20target%3D%22_blank%22%3Emind-reading%20MentalPlex%20responses%3C%2Fa%3E%20and%20said%3Ca%20href%3D%22https%3A%2F%2Farchive.google%2Fpigeonrank%2F%22%20target%3D%22_blank%22%3E%20well-fed%20pigeons%20were%20running%20its%20search%20engine%20operations%3C%2Fa%3E%20.%3C%2Fp%3E%0A%3Cp%3EIn%20subsequent%20years%2C%20they%20announced%20home%20internet%20services%20through%20your%20toilet%20with%20its%20%22%3Ca%20href%3D%22https%3A%2F%2Farchive.google%2Ftisp%2Finstall.html%22%20target%3D%22_blank%22%3Epatented%20GFlush%20system%3C%2Fa%3E%22%2C%20made%20us%20believe%20the%20Moon's%20surface%20was%20made%20of%20cheese%20and%20unveiled%20a%20dating%20service%20in%20which%20they%20called%20founders%20Sergey%20Brin%20and%20Larry%20Page%20%22%3Ca%20href%3D%22https%3A%2F%2Farchive.google%2Fromance%2Fpress.html%22%20target%3D%22_blank%22%3EStanford%20PhD%20wannabes%3C%2Fa%3E%20%22.%3C%2Fp%3E%0A%3Cp%3EBut%20Gmail%20was%20all%20too%20real%2C%20purportedly%20inspired%20by%20one%20%E2%80%93%20a%20single%20%E2%80%93%20Google%20user%20complaining%20about%20the%20%22poor%20quality%20of%20existing%20email%20services%22%20and%20born%20%22%3Ca%20href%3D%22https%3A%2F%2Fgooglepress.blogspot.com%2F2004%2F04%2Fgoogle-gets-message-launches-gmail.html%22%20target%3D%22_blank%22%3Emillions%20of%20M%26amp%3BMs%20later%3C%2Fa%3E%22.%3C%2Fp%3E%0A
Avatar: Fire and Ash
Director: James Cameron
Starring: Sam Worthington, Sigourney Weaver, Zoe Saldana
Rating: 4.5/5
Mercer, the investment consulting arm of US services company Marsh & McLennan, expects its wealth division to at least double its assets under management (AUM) in the Middle East as wealth in the region continues to grow despite economic headwinds, a company official said.
Mercer Wealth, which globally has $160 billion in AUM, plans to boost its AUM in the region to $2-$3bn in the next 2-3 years from the present $1bn, said Yasir AbuShaban, a Dubai-based principal with Mercer Wealth.
“Within the next two to three years, we are looking at reaching $2 to $3 billion as a conservative estimate and we do see an opportunity to do so,” said Mr AbuShaban.
Mercer does not directly make investments, but allocates clients’ money they have discretion to, to professional asset managers. They also provide advice to clients.
“We have buying power. We can negotiate on their (client’s) behalf with asset managers to provide them lower fees than they otherwise would have to get on their own,” he added.
Mercer Wealth’s clients include sovereign wealth funds, family offices, and insurance companies among others.
From its office in Dubai, Mercer also looks after Africa, India and Turkey, where they also see opportunity for growth.
Wealth creation in Middle East and Africa (MEA) grew 8.5 per cent to $8.1 trillion last year from $7.5tn in 2015, higher than last year’s global average of 6 per cent and the second-highest growth in a region after Asia-Pacific which grew 9.9 per cent, according to consultancy Boston Consulting Group (BCG). In the region, where wealth grew just 1.9 per cent in 2015 compared with 2014, a pickup in oil prices has helped in wealth generation.
BCG is forecasting MEA wealth will rise to $12tn by 2021, growing at an annual average of 8 per cent.
Drivers of wealth generation in the region will be split evenly between new wealth creation and growth of performance of existing assets, according to BCG.
Another general trend in the region is clients’ looking for a comprehensive approach to investing, according to Mr AbuShaban.
“Institutional investors or some of the families are seeing a slowdown in the available capital they have to invest and in that sense they are looking at optimizing the way they manage their portfolios and making sure they are not investing haphazardly and different parts of their investment are working together,” said Mr AbuShaban.
Some clients also have a higher appetite for risk, given the low interest-rate environment that does not provide enough yield for some institutional investors. These clients are keen to invest in illiquid assets, such as private equity and infrastructure.
“What we have seen is a desire for higher returns in what has been a low-return environment specifically in various fixed income or bonds,” he said.
“In this environment, we have seen a de facto increase in the risk that clients are taking in things like illiquid investments, private equity investments, infrastructure and private debt, those kind of investments were higher illiquidity results in incrementally higher returns.”
The Abu Dhabi Investment Authority, one of the largest sovereign wealth funds, said in its 2016 report that has gradually increased its exposure in direct private equity and private credit transactions, mainly in Asian markets and especially in China and India. The authority’s private equity department focused on structured equities owing to “their defensive characteristics.”
2025 Fifa Club World Cup groups
Group A: Palmeiras, Porto, Al Ahly, Inter Miami.
Group B: Paris Saint-Germain, Atletico Madrid, Botafogo, Seattle.
Group C: Bayern Munich, Auckland City, Boca Juniors, Benfica.
Group D: Flamengo, ES Tunis, Chelsea, Leon.
Group E: River Plate, Urawa, Monterrey, Inter Milan.
Group F: Fluminense, Borussia Dortmund, Ulsan, Mamelodi Sundowns.
Group G: Manchester City, Wydad, Al Ain, Juventus.
Group H: Real Madrid, Al Hilal, Pachuca, Salzburg.
The specs
Engine: 2.0-litre 4-cylinder turbo
Power: 240hp at 5,500rpm
Torque: 390Nm at 3,000rpm
Transmission: eight-speed auto
Price: from Dh122,745
On sale: now
The biog
Favourite films: Casablanca and Lawrence of Arabia
Favourite books: Start with Why by Simon Sinek and Good to be Great by Jim Collins
Favourite dish: Grilled fish
Inspiration: Sheikh Zayed's visionary leadership taught me to embrace new challenges.
CHELSEA'S NEXT FIVE GAMES
Mar 10: Norwich(A)
Mar 13: Newcastle(H)
Mar 16: Lille(A)
Mar 19: Middlesbrough(A)
Apr 2: Brentford(H)
Key findings of Jenkins report
- Founder of the Muslim Brotherhood, Hassan al Banna, "accepted the political utility of violence"
- Views of key Muslim Brotherhood ideologue, Sayyid Qutb, have “consistently been understood” as permitting “the use of extreme violence in the pursuit of the perfect Islamic society” and “never been institutionally disowned” by the movement.
- Muslim Brotherhood at all levels has repeatedly defended Hamas attacks against Israel, including the use of suicide bombers and the killing of civilians.
- Laying out the report in the House of Commons, David Cameron told MPs: "The main findings of the review support the conclusion that membership of, association with, or influence by the Muslim Brotherhood should be considered as a possible indicator of extremism."
Global state-owned investor ranking by size
|
1.
|
United States
|
|
2.
|
China
|
|
3.
|
UAE
|
|
4.
|
Japan
|
|
5
|
Norway
|
|
6.
|
Canada
|
|
7.
|
Singapore
|
|
8.
|
Australia
|
|
9.
|
Saudi Arabia
|
|
10.
|
South Korea
|
Desert Warrior
Starring: Anthony Mackie, Aiysha Hart, Ben Kingsley
Director: Rupert Wyatt
Rating: 3/5
Groom and Two Brides
Director: Elie Semaan
Starring: Abdullah Boushehri, Laila Abdallah, Lulwa Almulla
Rating: 3/5
HWJN
%3Cp%3EDirector%3A%20Yasir%20Alyasiri%3C%2Fp%3E%0A%3Cp%3EStarring%3A%20Baraa%20Alem%2C%20Nour%20Alkhadra%2C%20Alanoud%20Saud%3C%2Fp%3E%0A%3Cp%3ERating%3A%203%2F5%3C%2Fp%3E%0A%3Cp%3E%3C%2Fp%3E%0A
Scores
Wales 74-24 Tonga
England 35-15 Japan
Italy 7-26 Australia
