The fact that Bluetooth Low Energy (BLE) is a Bluetooth standard with questionable security vulnerabilities is nothing new. However, another glaring problem has now emerged, which is likely to annoy Tesla owners in particular. For example, it should be possible to open the doors of some models with BLE without any problems and, in many cases, even start the car.
A new standard is needed
In particular, the two entry-level models Tesla Model 3 and Model Y are affected by the problem. This has been revealed by the NCC Group as part of a model test. Due to the insufficient encryption of BLE, it should be possible to leverage the security mechanisms of the two vehicles without much of a detour. In practice, this allows thieves to bypass the door locking mechanism even at a distance of several meters. This is where relay attacks come into play. While the Tesla owner wants to lock the door of the vehicle with the smartphone or card, this is prevented by a signal and caught in the process. Ultimately, the criminal holds the appropriate signal and thus a duplicate key for the car in his hands. The NCC Group was able to open a foreign Tesla at a distance of 25 meters with the help of the appropriate technical features.
Tesla owners should use additional PIN
The security problem, which the NCC Group has now made clear once again, is not new for Tesla. When it was pointed out back in 2018, the company unceremoniously integrated the option of an additional PIN in its vehicles. Only after entering this PIN can the car then actually be started. However, this still means that a person who has taken advantage of BLE’s vulnerability can gain access to the car and thus also to the valuables inside. Improvements are definitely needed here.
No replies yet
Neue Antworten laden...
Gehört zum Inventar
Beteilige dich an der Diskussion in der Basic Tutorials Community →