19 May 2022

Tesla Hack Enables the Stealing of Cars

When did it become a bother to use a key? Hackers can steal your Tesla Model 3, Y using new Bluetooth attack

Mechanical keys have their problems, but Bluetooth has mostly been a security disaster from the outset.

Security researchers at the NCC Group have developed a tool to carry out a Bluetooth Low Energy (BLE) relay attack that bypasses all existing protections to authenticate on target devices.

BLE technology is used in a wide spectrum of products, from electronics like laptops, mobile phones, smart locks, and building access control systems to cars like Tesla Model 3 and Model Y.

And of course Tesla uses Bluetooth Low Energy as a the basis for an "entry system." Locks are an antiquated technology, beneath the view of Tesla engineers. They don't design locks. They design Entry Systems™.

Tesla is not the only company to have this particular fault. Kwikset brand's line of Kevo "smart locks" can also be overridden. And probably a whole bunch of other stuff that uses the same tech.

Here is the icing on the proverbial cake.

The Bluetooth Core Specification warns device makers about relay attacks and notes that proximity-based authentication shouldn’t be used for valuable assets.

I would say that securing my home and my car are two "valuable assets" and a higher grade of security is warranted. But hey, I'm not a Tesla Motors engineer.

This proves once again that engineers don't read specifications before blindly heading out to build something they think will be neato using the latest bit of tech they saw in their favorite magazine or saw on their favorite website or whatever. (It's the tech all the cool kids are using!)

No comments:

Post a Comment

Comment Moderation is in place. Your comment will be visible as soon as I can get to it. Unless it is SPAM, and then it will never see the light of day.

Be Nice. Personal Attacks WILL be deleted. And I reserve the right to delete stuff that annoys me.