- This topic is empty.
September 15, 2022 at 10:01 pm #66154Telegram SmartBoTModerator
- Topic 5954
- Replies 0
- posts 5954
#News(Security) [ via IoTGroup ]
When you use your phone to unlock a Tesla the device and the car use Bluetooth signals to measure their proximity to each other.This proximity authentication works on the assumption that the key stored on the phone can only be transmitted when the locked device is within Bluetooth range.
Now a researcher has devised a hack that allows him to unlock millions of Teslas—and countless other devices—even when the authenticating phone or key fob is hundreds of yards or miles away.The hack which exploits weaknesses in the Bluetooth Low Energy standard adhered to by thousands of device makers can be used to unlock doors open and operate vehicles and gain unauthorized access to a host of laptops and other security-sensitive devices.In the case of the locked Tesla the first attacker which we’ll call Attacker 1 is in close proximity to the car while it’s out of range of the authenticating phone.
Attacker 2 meanwhile is in close proximity to the legitimate phone used to unlock the vehicle.Attacker 1 uses her own Bluetooth-enabled device to impersonate the authenticating phone and sends the Tesla a signal prompting the Tesla to reply with an authentication request.Attacker 1 captures the request and sends it to Attacker 2 who in turn forwards the request to the authenticating phone.The phone responds with a credential which Attacker 2 promptly captures and relays back to Attacker 1.Attacker 1 then sends the credential to the car.
With that Attacker 1 has now unlocked the vehicle.Here’s a simplified attack diagram taken from the above-linked Wikipedia article followed by a video demonstration of Khan unlocking a Tesla and driving away with it even though the authorized phone isn’t anywhere nearby.When the target arrives at the destination and moves into Bluetooth range of the stashed device it retrieves the secret credential and relays it to the device stationed near the car (operated by Attacker 1).The susceptibility of BLE short for Bluetooth Low Energy to relay
AutoTextExtraction by Working BoT using SmartNews 1.03976805238 Build 04 April 2020
- You must be logged in to reply to this topic.