Since last summer's update, Teslas have been visibly more exposed. In trying to make life easier for users, the company has opened a breach for hackers.
A feature allows drivers to start the car quickly without placing the key on the center console. This is possible for 130 seconds (2 minutes 10 seconds) after unlocking, which makes starting easier.
But when the driver opens their Tesla, a period of vulnerability begins. During this window, the key of the Tesla is on the whitelist, that is to say available, without any action on the key or the NFC cell.
During this time, it is possible to add a key to the electric car without authorisation. Worse, no indication of a key addition appears on the central screen of the electric car.
In theory, the Tesla application blocks the addition of a key unless it is logged in with the user's account. But Martin Herfurt, an Australian security researcher, found a loophole.
He reveals that during those 130 seconds, the vehicle communicates with any Bluetooth Low Energy device. He therefore developed an application capable of communicating with the vehicle.
Solutions to solve part of the problem
Of course, this type of hacking is not within everyone's reach. But for trained hackers, developing a simple application to communicate with the vehicle is not rocket science.
“The authorization given in the 130-second interval is too general,” says Herfurt. “There is no connection between the online account world and the offline Bluetooth world. Each pirate who can see the vehicle appear in Bluetooth will be able to send VCSEC messages to it.”
This abbreviation stands for Vehicle Controller Secondary, and includes accessories that can be used as a key. In the video, he can be seen quickly pairing his application with the electric sedan.
From there, he only has to come back when the car is stationary and unattended to steal it. Herfurt admits it can be difficult to pull off the operation in real-world conditions, but he had no trouble doing it for the video.
Herfurt advises setting a PIN code on the car that must be entered to start and drive it. However, he admits that this does not prevent hackers from opening the car and gaining access to its contents.
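The design weakness Herfurt describes (authorization granted by a time window rather than tied to the owner's account) and the effect of the PIN can be seen in a small model. This is an added example, not code from the article or from Tesla; the class, method and key names are hypothetical, and the model is a simplification that does not implement VCSEC.

```python
from dataclasses import dataclass, field
from typing import Optional

ENROLL_WINDOW_S = 130  # window length stated in the article

@dataclass
class Vehicle:
    """Toy model of key enrollment; all names here are hypothetical."""
    bind_to_account: bool = False        # hardened policy: owner session required
    drive_pin: Optional[str] = None      # the PIN mitigation Herfurt recommends
    keys: set = field(default_factory=set)
    screen_alerts: list = field(default_factory=list)
    window_opened_at: Optional[float] = None

    def nfc_unlock(self, now: float) -> None:
        # Owner unlocks the car: the 130-second window opens.
        self.window_opened_at = now

    def window_open(self, now: float) -> bool:
        return (self.window_opened_at is not None
                and 0 <= now - self.window_opened_at <= ENROLL_WINDOW_S)

    def enroll_key(self, key_id: str, now: float, owner_session: bool = False) -> bool:
        # Enrollment request from any BLE client that can see the vehicle.
        if not self.window_open(now):
            return False
        # Weak policy: the time window alone authorizes the request.
        # Hardened policy: the request must also belong to the owner's session.
        if self.bind_to_account and not owner_session:
            self.screen_alerts.append(f"rejected key enrollment: {key_id}")
            return False
        self.keys.add(key_id)
        if self.bind_to_account:
            self.screen_alerts.append(f"new key enrolled: {key_id}")
        return True

    def unlock(self, key_id: str) -> bool:
        return key_id in self.keys

    def drive(self, key_id: str, pin: Optional[str] = None) -> bool:
        # With a PIN set, an enrolled key alone is not enough to drive.
        return key_id in self.keys and (self.drive_pin is None or pin == self.drive_pin)

def scenario(bind_to_account: bool, drive_pin: Optional[str] = None):
    """Constructed case: an unknown client asks to enroll 60 s after unlock."""
    v = Vehicle(bind_to_account=bind_to_account, drive_pin=drive_pin)
    v.nfc_unlock(now=0)
    enrolled = v.enroll_key("unknown-client", now=60)  # no owner session
    return enrolled, v.unlock("unknown-client"), v.drive("unknown-client"), v.screen_alerts
```

With the weak policy the unknown key is enrolled silently and can both unlock and drive; setting a PIN stops the drive but not the unlock, which matches Herfurt's caveat.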