an identified Serious flaws in Tesla’s EV certification system. this is possible steal About 2 minutes a car passing violation in discovering way of the vehicle deal with key Based on NFC technology (Near Field Communication).By using specific methods, individuals can open the door a car, start the engine and Register a new key without the official app — or authorization normally required.
View hosted at YouTubeexplaining the situation:
This proof of concept Depend on Martin Herford. The vulnerability was discovered following an official software change implemented in August, when Tesla An update has been released that modifies the mechanism for handling keys NFC. Previously, they had to be on the vehicle’s dashboard full-time; however, with the modification, the doors were allowed to open and leave only way authentication card.
fault has been found within the first 130 seconds program of.According to explanation Herford, as published on this site:
“Not only is general permission to operate during this interval, but tasks performed during this interval are not revoked; for example, if the car detects that the key is not at hand, the car will not stop. Furthermore, during this interval , the system exchanges information with the Bluetooth Low Energy device, which enables experts to create an application that allows a new NFC key to be registered as if it belonged to the car owner.“
The expert also demonstrated how to block other methods of accessing the car, such as mobile apps and physical keys, to force the use of NFC, allowing an attacker to register the keys within two minutes to steal the vehicle later.
The program is applied without any warning From the official app – even from the vehicle. The step of registering a key that the owner does not recognize is performed anonymously.This vulnerability is exploited in Tesla Model Y and Model 3. Although, Herford Say all cars with the system drive exist NFC It’s fragile invasion.
continue after ad
due to safety concerns, Details needed to fully replicate Onslaught won’t be revealed, but officials confirm he’ll be releasing a limited edition Tesla base, Explore the app — it’s out of the question Criminals use the software to steal cars with the aforementioned capabilities.
On social media, some users claimed they had notified the automaker of other similar issues some time ago. until nowOne Tesla has not officially commented.
Are you considering buying products online? Discover the Save the Connected World extension for Google Chrome. It’s free and gives you price comparisons and coupons from major stores, so you can always get the best deal. Download now.