Tag Archive for: Tesla
Elon Musk, Could This Hack Get Your Tesla Stolen?
Tesla’s cars are notoriously hackable, and a new video demonstrates a way an adept cybercriminal could hop inside your car’s system and take it for a ride if they’re nearby.
First reported by Ars Technica, the exploit involves manipulation of a relatively new feature that Tesla added last August. The feature allows drivers to turn on their vehicles merely by opening the car’s door with a near-field communication (NFC) key card. Those cards come with all Tesla Model 3 vehicles and use short range radio-frequency identification (RFID) signals to interact with the car’s computer system. Unlocking the door launches a 130 second period where the car starts up all on its own. It allows the driver to have the car running as soon as their butt is in the seat.
But that new mode is also vulnerable to a unique exploit that could get your sweet ride jacked, according to Martin Herfurt, an Austrian security researcher. Herfurt says that Tesla’s feature doesn’t just turn your car on automatically; it also puts it in a state where the vehicle is open to “whitelisting” new keys to unlock the car door. Aside from NFC cards, Tesla Model 3s can also be unlocked with either a key fob or a Tesla mobile app registered to the owner’s account.
Herfurt created his own mobile app, which he dubbed the “TeslaKee,” that communicates with the feature in VCsec—the language that the Tesla app uses to chat with Tesla vehicles—and which he says is able to “whitelist” itself as a key that can open the car’s doors. Keys can be remotely added in this way by abusing the new feature, with no authentication requirements necessary to add them, Herfurt claims. He made a YouTube video showing how the exploit could work. It’s pretty damn simple. You can check it out down below:
Granted, the situation you would have to be in for this to happen is ridiculous. First, the hacker would have to do what Herfurt has done, and engineer their own app. Then, they’d have to sit around and wait for you to park your car. Then, presumably, they’d execute the exploit, and trail you until you reached a destination and got out. Then, yes, they could hijack your ride. A…
Tesla Model 3, Model Y’s keyless entry system can be compromised, shows hacker
A cybersecurity researcher noted that tinkering with Tesla’s keyless entry system relies on Bluetooth Low Energy (BLE) protocol.
While Tesla’s keyless entry system may be one of its most convenient features, it also has a loophole. A cybersecurity researcher has demonstrated to Bloomberg how the technology can be compromised, allowing thieves to unlock and drive off with certain models of electric vehicles from Tesla. According to Sultan Qasim Khan, principal security consultant at security firm NCC Group, hackers can redirect communications between a car owner’s mobile phone, or key fob, and the car, especially in case of Tesla Model 3 and Model Y.
Outsiders can fool the keyless entry system into thinking the owner is located physically near the vehicle. Khan, however, clarified that the hack is not specific to Tesla but he demonstrated the hack on one Tesla’s car models. He stated that the result of his tinkering with Tesla’s keyless entry system relies on Bluetooth Low Energy (BLE) protocol.
(Also read | Tesla puts India entry plan on hold after deadlock on EV tariffs: Sources)
However, there is no evidence that thieves have actually used the hack to improperly access Tesla vehicles. The researcher further noted that to fix the issue, the carmaker would need to alter its hardware and change its keyless entry system. The revelation comes after another security researcher, David Colombo, revealed a way of hijacking some functions on Tesla vehicles, such as opening and closing doors and controlling music volume.
During the demonstration to Bloomberg, Khan conducted a so-called relay attack, in which a hacker uses two small hardware devices that forward communications. To unlock the car, he placed one relay device within roughly 15 yards of the Tesla owner’s smartphone or key fob and a second, plugged into his laptop, near to the car.
The technology utilized custom computer code that Khan had designed for Bluetooth development kits, which are sold online for less than $50. The hardware needed, in addition to the custom software, costs roughly $100, and can also be…
Tesla hacker demonstrates how to unlock doors, start the electric motor
Tesla Inc. customers might love the carmakers’ nifty keyless entry system, but one cybersecurity researcher has demonstrated how the same technology could allow thieves to drive off with certain models of the electric vehicles.
A hack effective on the popular S and Y Tesla cars would allow a thief to unlock a vehicle, start the electric motor and speed away, according to Sultan Qasim Khan, principal security consultant at the Manchester, UK-based security firm NCC Group. By redirecting communications between a car owner’s mobile phone, or key fob, and the car, outsiders can fool the entry system into thinking the owner is located physically near the vehicle.
The hack, Khan said, isn’t specific to Tesla, though he demonstrated the technique to Bloomberg News on one of its car models.
Rather, it’s the result of his tinkering with Tesla’s keyless entry system, which relies on what’s known as a Bluetooth Low Energy (BLE) protocol.
There’s no evidence that thieves have used the hack to improperly access Teslas.
The carmaker didn’t respond to a request for comment. NCC provided details of its findings to its clients in a note on Sunday, an official there said.
Khan said he had disclosed the potential for attack to Tesla and that company officials didn’t deem the issue a significant risk. To fix it, the carmaker would need to alter its hardware and change its keyless entry system, Khan said. The revelation comes after another security researcher, David Colombo, revealed a way of hijacking some functions on Tesla vehicles, such as opening and closing doors and controlling music volume.
BLE protocol was designed to conveniently link devices together over the internet, though it’s also emerged as method that hackers exploit to unlock smart technologies including house locks, cars, phones and laptops, Khan said.
NCC Group said it was able to conduct the attack on several other carmakers and technology companies’ devices.
Kwikset Corp. smart locks that use keyless systems with iPhone or Android phones are impacted by the same issue, Khan said. Kwikset said that customers who use an iPhone to access the lock can switch on two-factor authentication in lock app. A…