A method for stealing a Tesla car in an instant has been discovered



Tesla's electric vehicles, which are equipped with autonomous driving functions, have gained great popularity and have many owners in Japan. A method has been discovered that abuses the key system of Tesla cars to register a new key and steal the vehicle.

Gone in 130 seconds: New Tesla hack gives thieves their own personal key | Ars Technica

https://arstechnica.com/information-technology/2022/06/hackers-out-to-steal-a-tesla-can-create-their-very-own-personal-key/

There are three types of keys on Tesla cars:

・ 'Phone key': unlocks and starts the car when the registered smartphone is brought close
・ 'Key card': a card-type key used when the smartphone's battery runs out
・ 'Key fob': similar to the key fob of an ordinary car

Of the above keys, the key card not only unlocks and starts the Tesla car but also serves as the authentication key when registering a smartphone. Starting with a key card has a time limit: the car must be started within 2 minutes (actually 130 seconds) of scanning the key card. It turned out, however, that during the 130 seconds in which starting is accepted, Bluetooth communication is also permitted, so a phone key can be additionally registered from outside the car.

The following video shows a phone key being registered using 'TeslaKee', an application that imitates the communication between a Tesla car and a smartphone, and the Tesla car then being stolen.

Gone in under 130 Seconds - YouTube


The owner uses the key card to unlock the Tesla car.



An attacker waiting within Bluetooth range registers an additional phone key with TeslaKee. The screen of the attacker's smartphone is shown in the upper left.



Registering an additional phone key should require authentication with the key card, but after the authentication screen is displayed for a moment ...



The registration completion screen is displayed. The additional phone key was registered within 20 seconds of the owner scanning the key card. No notification appears in the car while the attacker is registering the additional phone key.



The owner drives off without noticing that an additional phone key has been registered.



And at a later date, the attacker unlocks the Tesla car with the additionally registered phone key ...



The attacker gets in without difficulty.



Then the attacker simply drives away.



The key card is supposed to be used only when the phone key cannot be used, such as when the smartphone's battery is dead or the phone is lost. In reality, however, the phone key becomes unusable as soon as an attacker uses a jamming device. In other words, if an attacker uses a jamming device, the owner is led to think 'I can't use the phone key ... I'll unlock with the key card ...', and the above attack becomes possible.



The creator of the video encourages owners to check the list of registered phone keys to prevent theft of their Tesla cars. The overseas outlet Ars Technica asked Tesla for comment but received no response.
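The design flaw described above, and the recommended check of the registered phone key list, can be shown in a small model. This is an added example and not Tesla's code or code from the article: the class, function names and key identifiers are hypothetical, and the only value taken from the article is the 130-second window.

```python
from dataclasses import dataclass, field
from typing import Optional

WINDOW_SECONDS = 130  # start window after a key-card scan, per the article


@dataclass
class VehicleModel:
    """Toy model of the key-card window (assumed logic, not Tesla's code)."""
    card_required_to_enroll: bool
    phone_keys: set = field(default_factory=lambda: {"owner-phone"})
    card_scanned_at: Optional[float] = None

    def scan_key_card(self, now: float) -> None:
        self.card_scanned_at = now

    def window_open(self, now: float) -> bool:
        return (self.card_scanned_at is not None
                and 0 <= now - self.card_scanned_at <= WINDOW_SECONDS)

    def start(self, now: float) -> bool:
        return self.window_open(now)

    def enroll_phone_key(self, key_id: str, now: float,
                         card_tapped_for_enrollment: bool = False) -> bool:
        # Weak behaviour: the open start window alone authorizes enrollment.
        # Stricter behaviour: enrollment needs its own key-card confirmation.
        if self.card_required_to_enroll:
            allowed = card_tapped_for_enrollment
        else:
            allowed = self.window_open(now)
        if allowed:
            self.phone_keys.add(key_id)
        return allowed


def unexpected_keys(vehicle: VehicleModel, known: set) -> list:
    """Owner-side check: registered phone keys the owner does not recognize."""
    return sorted(vehicle.phone_keys - known)


def run_scenario(card_required_to_enroll: bool):
    car = VehicleModel(card_required_to_enroll)
    car.scan_key_card(now=0.0)                 # owner unlocks with the key card
    enrolled = car.enroll_phone_key("unrecognized-phone", now=20.0)
    started = car.start(now=30.0)              # owner still drives off normally
    return enrolled, started, unexpected_keys(car, {"owner-phone"})


if __name__ == "__main__":
    print("window authorizes enrollment:", run_scenario(False))
    print("separate card confirmation:  ", run_scenario(True))
```

In both runs the owner's drive start succeeds, so nothing looks wrong from the driver's seat; only the key-list check exposes the extra entry in the first case.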

in Ride,   Security, Posted by log1o_hf