Security researchers have successfully exploited a vulnerability that lets them not only unlock a Tesla but also drive the car without touching one of the car’s keys.
In a video shared with Reuters, Sultan Qasim Khan, a researcher at the cybersecurity company NCC Group, demonstrates the attack on a 2021 Tesla Model Y. The publication also states that the vulnerability was successfully exploited on a 2020 Tesla Model 3. Using a relay device connected to a laptop, an attacker can wirelessly bridge the gap between the car and the victim’s phone, fooling the vehicle into thinking that the phone is within range when it may be hundreds of feet (or miles) away.
If this attack method sounds familiar, it should. Cars that use key fobs with rolling-code authentication are vulnerable to relay attacks similar to the one Khan used against the Tesla. In a traditional key fob attack, two malicious individuals extend the vehicle’s passive keyless entry probing signal to a second device within range of the real key. This Bluetooth Low Energy (BLE)-based attack, however, could be carried out by a pair of thieves, or by someone who places a small internet-connected relay somewhere the owner is bound to go, such as a coffee shop. Once the unsuspecting owner is within range of the relay, it takes the attacker only a few seconds (10 seconds, according to Khan) to drive the car away.
We have seen relay attacks used before in many car thefts nationwide. This new attack vector also uses range extension to trick Tesla vehicles into thinking that a phone or key fob is within range. However, rather than leveraging a traditional vehicle key fob, this particular attack targets the victim’s cell phone, or Tesla’s BLE-enabled key fob, which uses the same communication technology as the phone.
The specific attack carried out relies on a vulnerability inherent to the BLE protocol, which Tesla uses for its phone-as-a-key feature and for the Model 3 and Model Y key fobs. That means that while Teslas are vulnerable to this attack vector, they are far from the only target. Residential smart locks, and almost any connected device that uses BLE to detect device proximity (something the protocol was not designed to do, according to NCC), are also affected.
“In effect, the systems people rely on to protect their cars, homes and personal data use Bluetooth proximity authentication mechanisms that can be easily broken with cheap off-the-shelf hardware,” NCC Group said in a statement, according to Reuters. “This study shows the dangers of using the technology for reasons other than its intended purpose, especially when security issues are involved.”
Perhaps even more troubling is that this is not a flaw specific to the vehicle’s operating system but an attack on the communication protocol. Cars that use BLE for phone-as-a-key (such as some Ford and Lincoln vehicles) can be vulnerable to the attack. Theoretically, this type of attack could also succeed against companies that use Near Field Communication (NFC) for their phone-as-a-key features, such as BMW, Hyundai, and Kia, but that has not yet been proven. Performing such an attack against NFC would require different hardware and a different attack vector.
Tesla introduced a feature called “PIN-to-drive” in 2018. When enabled, it acts as an additional layer of security to prevent theft. So even if this attack is carried out against an unsuspecting victim in the wild, the attacker needs to know the vehicle’s unique PIN in order to drive off with it. Obviously, this doesn’t prevent the vehicle from being unlocked, and the attack may not be any easier to perform than a simple smash and grab (although it is certainly stealthier).