Sign In

Communications of the ACM

ACM TechNews

Tesla Hack Gives Thieves Their Own Personal Key

View as: Print Mobile App Share:
A Tesla Model Y driving on Autopilot.

The official Tesla phone app does not permit keys to be enrolled unless it is connected to the owner's account, but Herfurt found the vehicle gladly exchanges messages with any Bluetooth Low Energy (BLE) device nearby.

Credit: Getty Images

Austrian security researcher Martin Herfurt has demonstrated that electric vehicle company Tesla's updated near-field communication key card can be hacked.

The update allows the car to automatically start within 130 seconds of being unlocked, and enables new keys to be accepted without authentication or indication from the in-vehicle display.

Although the Tesla app disallows keys to be enrolled unless connected to the owner's account, Herfurt found the car shares messages with any nearby Bluetooth Low Energy device.

He crafted an app that speaks the same language the Tesla app uses to communicate with Tesla vehicles.

A malicious proof-of-concept version allows thieves to secretly enroll their own keys during the 130-second interval, then exchange VCSec messages that enroll the key.

From Ars Technica
View Full Article


Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA


No entries found