Tesla · Tesla Model 3 · CVE-2022-37709
**Name of the Vulnerable Software and Affected Versions**
Tesla Model 3 version V11.0(2022.4.5.1 6b701552d7a6)
Tesla mobile app version v4.23
**Description**
The issue allows attackers to bypass authentication by spoofing: Phone Key authentication in the Tesla Model 3 is vulnerable to man-in-the-middle attacks on the BLE channel. By leveraging access to a legitimate Phone Key, an attacker can gain unauthorized access to open the door and drive the car away.
**Recommendations**
For Tesla Model 3 version V11.0(2022.4.5.1 6b701552d7a6), consider disabling the Phone Key authentication feature until a patch is available.
For Tesla mobile app version v4.23, restrict access to the BLE channel to minimize the risk of exploitation.