A brand new relay assault has demonstrated that Tesla automobiles will be stolen with a fast hack, however thieves have to work in pairs and get as shut as two inches out of your telephone or key card.
Safety researchers at IOActive reverse-engineered Tesla’s NFC protocol and have demonstrated a brand new relay assault:
To efficiently perform the assault, IOActive reverse-engineered the NFC protocol Tesla makes use of between the NFC card and the car, and we then created customized firmware modifications that allowed a Proxmark RDV4.0 gadget to relay NFC communications over Bluetooth/Wi-Fi utilizing the Proxmark’s BlueShark module.
After having the protocol, the safety researchers can construct a tool to rapidly replicate the sign and ship it to a different NFC-enabled gadget.
IOActive describes the assault in a white paper:
This relay assault requires two attackers; on this case, one of many attackers can be utilizing the Proxmark gadget on the car’s NFC reader, and the opposite can use any NFC-capable gadget (comparable to a pill, laptop, or for the needs of this instance, a smartphone) near both the sufferer’s Tesla NFC card or smartphone with the Tesla digital key. The Proxmark and the second attacker’s smartphone can talk by way of Bluetooth utilizing the BlueShark module for the Proxmark RDV4.0, and even by way of Wi-Fi, connecting the Proxmark to a tiny laptop like a Raspberry Pi or comparable with Bluetooth whereas the Raspberry Pi connects to the second attacker’s smartphone by way of Wi-Fi.
They launched a video demonstration of the hack on a Tesla Mannequin Y:
Whereas the assault does present a vulnerability, the thieves have to get the gadget inside two inches of the proprietor’s key card or telephone.
The safety researchers famous that they imagine that the hack will be achieved with longer distances between the gadget and the important thing utilizing Bluetooth, however they haven’t demonstrated that.
A Tesla car was lately used to show a Bluetooth hack that may unlock automobiles.
Thefts of Tesla automobiles are fairly uncommon in North America, however in Europe, they’ve some extra refined thieves that managed a string of Tesla car thefts by relay assaults, like this new one.
In response to these assaults, Tesla began rolling out additional layers of safety with an “improved cryptography” key fob and optionally available “PIN to Drive” function. As soon as utilized, these measures can drastically lower the possibilities of your Tesla car being stolen.
On this case, on prime of the PIN to Drive function, drivers can carry their Tesla key card in an RFID card holder to guard in opposition to the assault, but it surely wouldn’t apply if you happen to use your telephone as a key, which is what most Tesla homeowners do.
Subscribe to Electrek on YouTube for unique movies and subscribe to the podcast.