Vulnerability In Bluetooth Low Energy Allows Hackers To Tesla Cars

Abdul Ghani

Security researchers have found a new vulnerability in BLE. Various doors can be opened above it, including those of some Teslas. A vulnerability in the Bluetooth Low Energy (BLE) standard makes it possible to bypass security locks and open doors from a few meters away. The NCC Group has demonstrated this on Tesla's Model 3 and Model Y electric cars.

BLE is often used for data exchange over short distances in access control. This can be used, for example, to open cars and other doors wirelessly. The standard is also used for mobile devices. In order to open a lock via BLE, the key, which is a car can also be a smartphone, must be in the immediate vicinity of the lock.

This can be avoided with relay attacks, in which the signal is transmitted from the key to the lock via a repeater. This vulnerability has been known for years. Security measures have already been put in place to prevent such relay attacks.

The lock could be opened from 25 meters

However, security researchers from the NCC Group say they were able to circumvent these additional security measures. They modified the link-layer encryption and were thus able to open locks from 25 meters. That went, both with one and with two repeaters.

The NCC Group announced that it was possible to open and operate the car with a repeater placed within the BLE range of a key fob or smartphone of a Model 3 or Model Y. However, not only cars are vulnerable: According to the NCC Group, doors with the Kevo locking system, which the manufacturer Spectrum Brands use in its Kwikset and Weiser brands, are also affected.

The NCC Group has warned

The security company had informed both Tesla and Spectrum Brands and the Bluetooth Special Interest Group (SIG), which managed the standard before the vulnerability was published. Tesla introduced a PIN as a security feature in 2018 in response to previous attacks.

If this function is activated, the car can only be started after entering a code. An intruder using the attack described by the NCC Group could then open the car, but not drive away with it.

Comments / 0

Published by

Member Of Freelancers Union (USA), Freelance Writer!, and Digital Creator. Ghani Mengal is an enthusiast Freelance blogger and digital marketer. His content has been published and featured on many popular blogs, websites, and publications. Including TeelFeed, LifeHack.org, Data-Driven Investor, TextSniper, Scientific Publication The Predict, The Startup, The Ascent, Heart Affairs, Illumination, And The List goes on.

N/A
1850 followers

More from Abdul Ghani

Comments / 0