Tesla's new hack allows thieves to unlock and steal cars in 10 seconds
Content
A researcher at a major security firm has discovered a way to gain access to a Tesla vehicle without the owner of the vehicle being present. This practice is worrisome as it allows thieves to hijack a car in as little as 10 seconds using Bluetooth LE technology.
A security researcher successfully exploited a vulnerability that allowed them not only to unlock the Tesla, but also to drive away without touching one of the car's keys.
How was Tesla hacked?
In a video shared with Reuters, Sultan Qasim Khan, a researcher at cybersecurity company NCC Group, demonstrates an attack on a 2021 Tesla Model Y. Its public disclosure also states that the vulnerability was successfully applied to the 3 Tesla Model 2020. Using a relay device connected to a laptop, an attacker can wirelessly close the gap between the victim's car and the phone by tricking the vehicle into thinking the phone is within range of the car when it could be hundreds of miles, feet (or even miles) away. ) From him.
Hacking based on Bluetooth Low Energy
If this method of attack sounds familiar to you, it should. Vehicles using rolling code authentication key fobs are susceptible to relay attacks similar to the Tesla that Khan used. Using a traditional key fob, a pair of scammers expand the car's passive keyless interrogation signals to . However, this Bluetooth Low Energy (BLE) based attack could be staged by a couple of thieves or someone who places a small internet-connected relay somewhere the owner has to go, like a coffee shop. Once the unsuspecting owner is within range of the relay, it only takes a few seconds (10 seconds, according to Khan) for the attacker to drive away.
We have seen relay attacks used in many car theft cases across the country. This new attack vector also uses range extension to trick the Tesla car into thinking a phone or key fob is within range. However, instead of using a traditional car key fob, this particular attack targets the victim's mobile phone or BLE-enabled Tesla key fobs that use the same communication technology as the phone.
Tesla vehicles are vulnerable to this type of contactless technology.
The specific attack carried out is related to a vulnerability inherent in the BLE protocol that Tesla uses for its phone as a key and fobs for the Model 3 and Model Y. This means that while Teslas are vulnerable to an attack vector, they are far from the only target. Also affected are household smart locks, or almost any connected device that uses BLE as a device proximity detection method, something the protocol was never intended to do, according to the NCC.
“Basically, the systems people rely on to protect their cars, homes and personal data use Bluetooth contactless authentication mechanisms that can be easily hacked with low-cost, off-the-shelf hardware,” the NCC Group said in a statement. "This study illustrates the dangers of technology being misused, especially when it comes to security issues."
Other brands such as Ford and Lincoln, BMW, Kia and Hyundai may also be affected by these hacks.
Perhaps even more problematic is that this is an attack on the communication protocol and not a specific bug in the car's operating system. Any vehicle that uses BLE for the phone as a key (such as some Ford and Lincoln vehicles) is likely to be attacked. Theoretically, this type of attack could also be successful against companies using Near-Field Communication (NFC) for their phone as a key feature, such as BMW, Hyundai, and Kia, although this has yet to be proven beyond the hardware. and the attack vector, they must be different in order to carry out such an attack in NFC.
Tesla has the Pin advantage for driving
In 2018, Tesla introduced a feature called "PIN-to-drive" which, when enabled, acts as a multi-factor layer of security to prevent theft. Thus, even if this attack were carried out on an unsuspecting victim in the wild, the attacker would still need to know the vehicle's unique PIN in order to drive away in his vehicle.
**********
:
