Tesla Charging Ports Opened with HackRF Replay Attack

The charging port on Tesla electric vehicles is protected via a cover that can be opened by charging stations via a wireless signal transmitted at 315 MHz. It turns out that the command to open the port is totally without any security. This means it's possible to record or recreate the signal, and play it back anywhere using a transmit capable SDR device like a HackRF.

Twitter user @IfNotPike has done just that, managing to open the Tesla charging port using a handheld HackRF with Portapack setup. If you cannot record the signal, a repo hosting a valid signal file is available on GitHub from jimilinuxguy. Interestingly jimilinuxguy notes "The range for this is INSANE. I was able to perform this from VERY far away." and the same signal can be used to "open any and all Tesla vehicle charging ports in range"

Fortunately for Tesla owners, the level of damage a malicious party could cause through the charging port is limited, since the charging port is not active until a correct charging cable is connected. It also seems that the charging port on most models will automatically close after some time if no charger is connected.

Tesla Charging Port Opened with HackRF and Portapack | Credit:Β @IfNotPike
Subscribe
Notify of
guest

7 Comments
Inline Feedbacks
View all comments
c5e3

it was done in 2014 already, by a user known as CFSworks
https://www.youtube.com/watch?v=575TcQJJWok

WXfreak

You could haul around a generator and charge Teslas for free!

Telectroboy

I will try if the charge start without the key around. But yes possible!

Elvis

Tesla quietly added bi-directional charging capability, so theoretically it might be possible to “steal” power from one vehicle to another.

Roy

So instead of carrying a short length of vinyl hose, we can carry around a Tesla “patch cord”? Hillbillies of the world enter the 21st century!

Telectroboy

Fake, it’s one way charger. The guy who analysed new onboard charger misinterpret diodes with transistors.

Sivaelid

IT mainly works on 433.92Mhz world wide.