- Security consultants found a vulnerability in Tesla’s software that would allow thieves to open a car door, start the engine and drive in seconds
- This is because the 2021 software update eliminates the need for the key card to be placed on the center console to start the vehicle
- One attacker stands beside a Model Y owner with a device that collects data from the Tesla key card, which is then sent to another attacker at the vehicle
- The second attacker has a device that can pick up the data and simulate its actions
A security consulting firm has identified a sophisticated relay attack that allows just two thieves to unlock a Tesla Model Y and start the engine in seconds.
The operation requires one person to capture data from a Tesla owner’s nearby key card with their smartphone, while another waits by the target vehicle with a device designed to pick up data from their partner.
According to consulting firm IOActive, the attack exploits a flaw in a software update Tesla released in 2021 that eliminated the need for owners to place the key card on the center console to shift the vehicle's gears.
After the thief leaves with a stolen Tesla they can’t turn off the motor or restart it because they no longer have the original key card, but they may add a new card at some point, The Verge reports.
The victim parks his car, unaware that two thieves are waiting to steal his vehicle. One of the thieves follows the Model Y owner to collect data from his Tesla key card.
Before the software update, Tesla owners had to sit in the driver’s seat and put their key card on the center console to start the engine and shift from park to drive.
But it is no longer needed and thieves have found a way to take advantage of the loophole.
Two IOActive security consultants have published a white paper explaining in detail how the attack works.
Tesla uses near-field communication (NFC) to power its key cards. This protocol allows communication between two electronic devices that are in close proximity.
In Tesla’s case, the two devices are the Model Y’s key card and the NFC reader on its door.
‘To successfully execute the attack, IOActive reverse-engineered the NFC protocol used by Tesla between the NFC card and the vehicle, and then we created custom firmware modifications that enabled the Proxmark RDV4.0 device to relay NFC communications over Bluetooth/Wi-Fi using Proxmark’s BlueShark module,’ IOActive shared in the white paper.
The data from the key card is sent to another attacker with a Proxmark device, which can pick up the data and simulate its actions.
A Proxmark RDV4.0 is a radio-frequency identification (RFID) tool, which allows key card information to be sent between the thieves over Bluetooth.
It can also use radio frequencies to perform basic equipment functions.
‘An attacker places a Proxmark device on a vehicle’s NFC reader and another uses any NFC-enabled device (such as a tablet, computer, or a smartphone for the purposes of this example) in close proximity to the victim’s Tesla NFC card or a smartphone with a Tesla virtual key,’ according to the team.
The Proxmark and the other attacker’s device communicate over Bluetooth.
The NFC-enabled device collects the key card information, which it then sends to the Proxmark device, which tells the NFC reader on the door to open.
The attacker at the target vehicle places a Proxmark at the car’s reader, which opens the door and allows the thief to start the car.
The NFC reader sends a command back to the key card for approval, which is then intercepted by the attacker’s smartphone.
The smartphone then sends the response to the Proxmark, which passes it on over NFC to signal that the car door can be opened and the person allowed to start the engine.
The team notes in the paper that this is only possible if the attacker can get within four centimeters of the victim’s key card, which, according to the paper, is possible ‘when the victim’s attention is distracted, such as in a crowded nightclub/disco’.
The document also highlights ways Tesla can fix the problem in its software.
“If the system can be more accurate with its timing while waiting for a crypto response, it will make it much harder to exploit these issues over Bluetooth/Wi-Fi,” it reads.
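The timing mitigation quoted above can be illustrated with a small simulation, added here and not taken from the IOActive paper or from Tesla's code: a reader that checks only the cryptographic response accepts a genuine card reached over a slow forwarding link, while a reader that also enforces a response deadline rejects it. The HMAC scheme, the class names and every timing value are constructed assumptions, not Tesla's protocol.

```python
import hashlib, hmac, os

class SimClock:  # deterministic millisecond clock so the run is repeatable offline
    def __init__(self):
        self.now_ms = 0.0
    def advance(self, ms):
        self.now_ms += ms

class Card:
    """Token that answers a challenge with HMAC-SHA256 (assumed scheme)."""
    def __init__(self, key, clock, compute_ms=2.0):  # constructed timing
        self.key, self.clock, self.compute_ms = key, clock, compute_ms
    def respond(self, challenge):
        self.clock.advance(self.compute_ms)
        return hmac.new(self.key, challenge, hashlib.sha256).digest()

class DelayedLink:
    """The same genuine card, reached through a link adding latency each way."""
    def __init__(self, card, clock, hop_ms):
        self.card, self.clock, self.hop_ms = card, clock, hop_ms
    def respond(self, challenge):
        self.clock.advance(self.hop_ms)       # challenge forwarded out
        response = self.card.respond(challenge)
        self.clock.advance(self.hop_ms)       # response forwarded back
        return response

class Reader:
    """Verifier; max_rtt_ms=None models a reader that only checks the MAC."""
    def __init__(self, key, clock, max_rtt_ms=None):
        self.key, self.clock, self.max_rtt_ms = key, clock, max_rtt_ms
    def authenticate(self, token):
        challenge = os.urandom(16)            # fresh nonce per attempt
        start = self.clock.now_ms
        response = token.respond(challenge)
        rtt = self.clock.now_ms - start
        expected = hmac.new(self.key, challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(response, expected):
            return (False, "bad response", rtt)
        if self.max_rtt_ms is not None and rtt > self.max_rtt_ms:
            return (False, "response too late", rtt)
        return (True, "ok", rtt)

def demo(hop_ms=30.0, max_rtt_ms=5.0):        # constructed numbers
    clock, key = SimClock(), os.urandom(32)
    card = Card(key, clock)
    lax, strict = Reader(key, clock), Reader(key, clock, max_rtt_ms)
    far = DelayedLink(card, clock, hop_ms)
    return {"lax_far": lax.authenticate(far), "strict_far": strict.authenticate(far),
            "strict_near": strict.authenticate(card)}
```

The deadline only helps if it is set close to the card's real response time; a generous timeout leaves the slow path inside the window.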
IOActive also shared that it has contacted Tesla, which is well aware of the issue in other Tesla models.
‘Tesla claims this security issue has been mitigated with a “PIN to Drive” feature, which will still allow attackers to open and access the car, but not allow them to drive it. However, this feature is optional, and Tesla owners who are not aware of these issues cannot use it,’ the paper concludes.
Credit: www.dailymail.co.uk