Using a new Bluetooth assault, hackers can hijack your Tesla Model 3, Y.

Unlock your Tesla with the new Bluetooth – Overview

A novel Bluetooth relay attack that can remotely unlock and drive select Tesla automobiles has been shown by security experts.

The flaw is in Bluetooth Low Energy (BLE), the technology used by Tesla’s entry system, which allows drivers to unlock and operate their car from a distance using an app or key fob.

Most proximity-based authentication devices and vehicles are built to withstand various relay attacks, typically capturing the radio signal used to unlock a car and replaying it as if it were an original request.

Employing encryption and introducing checks make relay attacks more difficult.

Researchers from the NCC Group in the United Kingdom have developed a tool for carrying out a new BLE link-layer relay attack that bypasses existing mitigations, allowing attackers to unlock and operate vehicles remotely.

Unlock your Tesla with the new Bluetooth
Unlock your Tesla with the new Bluetooth

In a blog post, Sultan Qasim Khan, a senior security consultant at NCC Group, said the assault was tried on a 2020 Tesla Model 3 with an iPhone 13 mini running an older version of the Tesla app.

The researchers said the iPhone was put 25 meters away from the vehicle, with two relaying devices between the iPhone and the automobile.

The researchers were able to unlock the car remotely using the technique.

The experiment was also successfully duplicated on a Tesla Model Y from 2021 with the same “phone-as-a-key” technology.

While the assault was shown on Tesla vehicles, Khan warns that any car with a BLE keyless entry device could be vulnerable.

According to a separate advisory from NCC Group, the assault could also be used against the Kwikset and Weiser Kevo smart lock lines, which offer BLE passive entry through their “touch-to-open” capability.

“Our research demonstrates that systems that people rely on to protect their automobiles, houses, and private data use Bluetooth proximity authentication procedures that are easily bypassed with inexpensive off-the-shelf hardware,” Khan said.

Unlock your Tesla with the new Bluetooth
Unlock your Tesla with the new Bluetooth

Tesla & the Bluetooth Special Interest Group (SIG), an industry group that supervises the development of the Bluetooth standard, received the information.

While conceding the problem, the SIG argued that relay attacks were a known Bluetooth vulnerability.

According to Tesla officials, relay assaults were also a recognized flaw of the passive entry system.

Tesla did not reply to TechCrunch’s request for comment. (Tesla’s public relations team was terminated in 2020.)

“The SIG should aggressively inform its members developing proximity authentication systems about the hazards of BLE relay attacks,” Khan added.

Unlock your Tesla with the new Bluetooth
Unlock your Tesla with the new Bluetooth

“Moreover, documentation should make it clear that relay attacks are possible and should be included in threat models, and that neither link-layer encryption nor standard response timing assumptions are adequate defenses against relay attacks.”

Tesla owners should disable the passive entry mechanism in the mobile app and employ the PIN to Drive function, which requires a four-digit pin to be input before the vehicle can be driven.

Tesla has a history of security vulnerabilities. For example, a 19-year-old security researcher claimed that he could remotely access dozens of Teslas worldwide due to security flaws discovered in an open-source logging application popular with Tesla owners, which exposed their cars to the internet.

ALSO, READ| New 2023 BMW 3 Series|Sleeker Design|Curved Display!

Unlock your Tesla with the new Bluetooth
You might also like

Comments are closed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. AcceptRead More