Sultan Qasim Khan at U.K.-based security firm NCC Group has devised an exploit for unlocking Teslas and countless other devices by hacking the Bluetooth Low Energy (BLE) standard.
The simplest form of this relay attack involves two hackers who share data through an open Internet connection, and are respectively close to the Tesla and the authenticating phone.
Attacker 1 captures the authenticating request from the Tesla and sends it to Attacker 2, who forwards the request to the phone and records and sends the phone-transmitted credential to Attacker 1, who then can unlock the car.
The hack thwarts countermeasures like encrypting phone-transmitted credentials, and Khan said practically any BLE device that authenticates on proximity alone is susceptible.
From Ars Technica
View Full Article
Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA