Yet another flaw in Tesla's security system has been uncovered by security researchers that could make it easier to steal a vehicle. This time, potential thieves could use a 130-second window to effectively cut their own digital key after a car has been unlocked.
The flaw was noticed by Martin Herfurt, an Austrian security researcher who has previously discovered other security flaws related to the company. This time, he found a vulnerability that appears to have been introduced by an update last August that allowed drivers to start their Tesla as soon as they unlocked it with an NFC key card, without placing the key card on the center console.
The update aimed to make it more convenient for drivers to set off, giving them 130 seconds to start their car without any additional steps. The problem, though, is that during that time the car is also left in a state in which it accepts new keys without authentication. The car does nothing to notify the driver when a new key is registered this way.
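The design problem described above can be shown with a simplified model. This is an added example, not Tesla's code or the researcher's app: the `Vehicle` class, the action names, the `scoped` flag and the hardened policy (card present plus owner notification) are all assumptions made for illustration.

```python
# Simplified model (an assumption, not Tesla's implementation): an NFC card tap
# opens a 130-second window, and the policy decides what that window authorizes.
from dataclasses import dataclass, field
from typing import Optional

WINDOW_SECONDS = 130  # interval stated in the article


@dataclass
class Vehicle:
    scoped: bool  # False = the window authorizes every action (the flaw)
    keys: set = field(default_factory=lambda: {"owner-card"})
    window_opened_at: Optional[float] = None
    notifications: list = field(default_factory=list)

    def nfc_tap(self, now: float) -> None:
        """Owner unlocks with the key card; the start window opens."""
        self.window_opened_at = now

    def _window_open(self, now: float) -> bool:
        return (self.window_opened_at is not None
                and 0 <= now - self.window_opened_at <= WINDOW_SECONDS)

    def request(self, action: str, now: float, key_id: str = "",
                card_present: bool = False) -> bool:
        """Handle a request arriving over the local radio link."""
        if action == "drive":
            return self._window_open(now)
        if action == "enroll_key":
            if self.scoped:
                # Hardened (assumed fix): enrollment needs its own proof,
                # here the card on the reader, and always tells the owner.
                allowed = card_present
            else:
                # Flawed: the drive window doubles as enrollment
                # authorization, and nothing is reported to the owner.
                allowed = self._window_open(now)
            if allowed:
                self.keys.add(key_id)
                if self.scoped:
                    self.notifications.append(f"new key enrolled: {key_id}")
            return allowed
        return False


def unknown_keys(vehicle: Vehicle, expected: set) -> set:
    """Owner-side audit: keys on the vehicle that the owner does not recognize."""
    return vehicle.keys - expected
```

With `scoped=False` an enrollment request inside the window succeeds silently and only the audit in `unknown_keys` reveals it; with `scoped=True` the same request is refused while driving off within the window still works.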
Although the Tesla phone app does not allow new keys to be registered unless it is connected to the owner's account, Herfurt saw that the car would talk to any Bluetooth Low Energy (BLE) device nearby. So he created an app that speaks the same "language" as the official Tesla app and used it to communicate with cars.
“130-second interval authorization is very common. [It's] not just for the drive,” Herfurt told Ars Technica. “There is no connection between the world of online accounts and the world of offline BLE. Any attacker can see the Bluetooth LE advertisement of any vehicle and send VCSEC messages to it.”
In a video, the hacker showed that if he was near a car while it was being unlocked with an NFC key card, he could effectively cut his own key using his app and then steal the car. He admits that the attack can be a bit daunting to perform in the real world, but in doing so he gained the ability to unlock, start and stop a car through his app without the owner ever being made aware. Herfurt says he has tried the attack on both the Model 3 and Model Y and, although he did not actually do so on the latest Model S and X, he expects they are also vulnerable to it.
This resembles another weakness discovered by UK researchers in May. They also exploited BLE vulnerabilities, but instead of cutting a new key, they used two devices acting as relays between a key and the car to unlock and start it.
Tesla has not commented publicly on the security vulnerabilities, and Herfurt said he is not expecting the issue to be resolved. He therefore advises owners to be very careful about how and when they use their NFC key card.
He further recommends that drivers set up PIN to Drive so that thieves are not actually able to start the car, although this does nothing to prevent them from unlocking it. Owners should also regularly check the list of keys authorized to start their vehicles to make sure they recognize each key on the list.