A demonstration movie that reports the problem that even others can open the door of the Tesla car without permission with one touch is also released
By hacking the
Technical Advisory – Tesla BLE Phone-as-a-Key Passive Entry Vulnerable to Relay Attacks – NCC Group Research
https://research.nccgroup.com/2022/05/15/technical-advisory-tesla-ble-phone-as-a-key-passive-entry-vulnerable-to-relay-attacks/
Hackers can steal your Tesla Model 3, Y using new Bluetooth attack
https://www.bleepingcomputer.com/news/security/hackers-can-steal-your-tesla-model-3-y-using-new-bluetooth-attack/
If you play the following movie, you can see how the door of the Tesla car is actually unlocked by hacking.
Hacking Tesla Model Y using new BLE relay attack on Vimeo
Tesla's Model Y has the ability to use Bluetooth to detect when the owner is approaching and unlock it by simply pressing the door handle.
Therefore, first place the smartphone in a room away from the car. Bluetooth has a short communication distance, so no one else should be able to open the door without permission.
However, when security researchers operate laptops instead of smartphones ...
The door opened easily.
This attack is a relay attack that impersonates the original owner by intercepting communication by Bluetooth Low Energy (BLE) . In this demonstration, the distance between the iPhone and the car was 25 meters, but we were able to unlock the car with a signal from the iPhone using two repeaters 7 meters from the iPhone and 3 meters from the car.
To prevent such attacks, products that use BLE have a mechanism to check for delays and detect fraud. However, this time the NCC Group has succeeded in keeping the delay to 8 milliseconds, which is significantly shorter than the allowable range of 30 milliseconds, by developing a method that operates in a layer called the 'link layer' that controls Bluetooth. Did.
The NCC Group reported the technology to Tesla, but the company replied that 'relay attacks are a known limitation of passive entry systems.' Bleeping Computer, an IT news site, said, 'The method of providing a fix for this security issue is complicated, and even if immediate action is taken, it will take a long time for the affected product to be updated. It is expected that this will happen, 'he said, saying that this problem will not be fundamentally resolved for the foreseeable future.
Bleeping Computer also told users of Tesla cars and devices that unlock via Bluetooth, 'If possible, we should disable this method of authentication and switch to another authentication method that requires user action.' I made a suggestion. For example, for Tesla vehicles, it is recommended to use a ' drive PIN ' to set a PIN for added security.
Related Posts: