Tag Archive for: Tesla’s

Keyless hack can unlock and start cars — including Teslas

/in


Tesla Inc. customers might love the carmakers’ nifty keyless entry system, but one cybersecurity researcher has demonstrated how the same technology could allow thieves to drive off with certain models of electric vehicles.

A hack effective on the Tesla Model 3 and Y cars would allow a thief to unlock a vehicle, start it and speed away, according to Sultan Qasim Khan, principal security consultant at the Manchester, UK-based security firm NCC Group.

By redirecting communications between a car owner’s mobile phone, or key fob, and the car, outsiders can fool the entry system into thinking the owner is located physically near the vehicle.

The hack, Khan said, isn’t specific to Tesla, though he demonstrated the technique to Bloomberg News on one of its car models. Rather, it’s the result of his tinkering with Tesla’s keyless entry system, which relies on what’s known as a Bluetooth Low Energy (BLE) protocol.

There’s no evidence that thieves have used the hack to improperly access Tesla vehicles. The carmaker didn’t respond to a request for comment. NCC provided details of its findings to its clients in a note on Sunday, an official there said.

Khan said he had disclosed the potential for attack to Tesla and that company officials didn’t deem the issue a significant risk. To fix it, the carmaker would need to alter its hardware and change its keyless entry system, Khan said.

The revelation comes after another security researcher, David Colombo, revealed a way of hijacking some functions on Tesla vehicles, such as opening and closing doors and controlling music volume.

BLE protocol was designed to conveniently link devices together over the internet, though it’s also emerged as a method that hackers exploit to unlock smart technologies, including house locks, cars, phones and laptops, Khan said. NCC Group said it was able to conduct the attack on several other carmakers and technology companies’ devices.

Kwikset Corp. Kevo smart locks that use keyless systems with iPhone or Android phones are impacted by the same issue, Khan said. Kwikset said that customers who use an iPhone to access the lock can switch on two-factor authentication in the lock app.

A…

Source…

A Teen Took Control of Teslas by Hacking a Third-Party App

/in


On Friday, Russia did the previously unimaginable: It actually arrested a bunch of ransomware operators. Not only that, but members of the notorious group REvil, which has been behind some of the biggest attacks of the last several years, including IT management firm Kaseya and meat giant JBS. Russian president Vladimir Putin had previously given ransomware hackers a free pass. It’s not clear yet whether this was a calculated political move, a sign of a broader crackdown, or both, but it’s certainly a watershed moment.

As everyone scrambles to find Log4j in their systems—no easy task for even well-resourced companies—the FTC has set strict deadlines for patching the very bad, no good vulnerability in the ubiquitous logging library. It’ll be unlikely if not impossible for everyone to find it in time, which speaks more to the fragile and opaque nature of the open source software world than the FTC’s aggressive timeline.

Telecoms around the world have pushed back against Apple’s Private Relay, a not-quite-VPN that bounces your traffic through a couple of servers to give you extra anonymity. T-Mobile in the US recently blocked it for customers who had parental control filters. It’s unclear why they’ve taken those measures against Apple and not the many, many VPNs that work unfettered, but it may have to do with the potential scale of Apple customers who could sign up for the service.

In other Apple privacy news, iOS 15 brought with it a new report that shows you what sensors your apps are accessing and what domains they’re contacting. It’s a lot of information all at once; we helped break down how to read it

North Korean hackers had a “banner year” in 2021, stealing nearly $400 million of cryptocurrency. And while Israeli spyware vendor NSO Group insists that it has controls in place to prevent abuses of its product, dozens of journalists and activists in El Salvador had their devices infected with Pegasus, NSO’s signature product, as recently as November.  

And that’s not all! Each week we round up all the security news WIRED didn’t cover in depth. Click on the headlines to read the full stories.

A 19-year-old security researcher named David Colombo detailed this week how he…

Source…

Beyond Supercharging: Charging With Tesla’s Gen 2 Mobile Connector – Part I – CleanTechnica

/in

Beyond Supercharging: Charging With Tesla’s Gen 2 Mobile Connector – Part I  CleanTechnica

June 15th, 2019 by Steve Bakker. Put your propeller caps on folks. It’s time to take a deep dive into the magic behind the charging cable that came in the trunk of …

“Don’t Plug Your Phone into a Charger You Don’t Own” – read more

These Chinese hackers tricked Tesla’s Autopilot into suddenly switching lanes – CNBC

/in

These Chinese hackers tricked Tesla’s Autopilot into suddenly switching lanes  CNBC

A group of Chinese hackers published a report showing how they tricked Tesla’s Autopilot self-driving software into swerving into an oncoming traffic lane.

“chinese hackers” – read more