A new relay attack shows that Tesla cars can be stolen quickly, but thieves need to work in pairs and get as close as two inches to your phone or key card.
Researchers at IOActive looked at Tesla’s NFC protocol and figured out how it works. They then showed a new relay attack:
To make the attack work, IOActive reverse-engineered the NFC protocol Tesla uses between the NFC card and the car. We then made custom firmware changes that allowed a Proxmark RDV4.0 device’s BlueShark module to relay NFC communications over Bluetooth and WiFi.
Once the security researchers have the protocol, they can make a device that quickly copies the signal and sends it to another NFC-enabled device.
In a white paper, IOActive talks about the attack:
This relay attack needs two attackers. In this case, one attacker will use the Proxmark device at the vehicle’s NFC reader, and the other can use any NFC-capable device (like a tablet, computer, or in this case, a smartphone) close to the victim’s Tesla NFC card or smartphone with the Tesla virtual key.
Using the BlueShark module for the Proxmark RDV4.0, the Proxmark and the second attacker’s smartphone can talk to each other over Bluetooth or Wi-Fi. The Proxmark can connect to a small computer like a Raspberry Pi or something similar over Bluetooth, and the Raspberry Pi can connect to the second attacker’s smartphone over Wi-Fi.
In a video, they showed how the hack worked on a Tesla Model Y.
Even though the attack shows a weakness, the thieves need to get the device within two inches of the owner’s phone or key card.
The security researchers said that they think the hack can be done with more distance between the device and the key by using Bluetooth, but they haven’t shown that.
A Bluetooth hack that can open cars was recently shown off using a Tesla car.
In North America, Tesla cars aren’t stolen very often, but in Europe, where thieves are smarter, a string of Tesla cars has been stolen through relay attacks like this one.
As a result of these attacks, Tesla started adding extra layers of security, like a key fob with “improved cryptography” and an optional feature called “PIN to Drive.” When enabled, these measures can make it much less likely that your Tesla will be stolen.
In this case, drivers can protect themselves from attack by carrying their Tesla key card in an RFID card holder. This wouldn’t work if you use your phone as a key, which is what most Tesla owners do.