Austrian security researcher Martin Herfurt has demonstrated that electric vehicle company Tesla's updated near-field communication key card can be hacked.
The update allows the car to automatically start within 130 seconds of being unlocked, and enables new keys to be accepted without authentication or indication from the in-vehicle display.
Although the Tesla app does not allow keys to be enrolled unless it is connected to the owner's account, Herfurt found that the car exchanges messages with any nearby Bluetooth Low Energy device.
He crafted an app that speaks the same language the Tesla app uses to communicate with Tesla vehicles.
A malicious proof-of-concept version of the app allows thieves to secretly enroll their own key during the 130-second interval by exchanging VCSec messages with the car.
From Ars Technica
Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA