News hardware Tesla: a new flaw allows your car to be stolen in just 130 seconds
It’s definitely not going well in terms of security at Tesla lately… After the relay antenna hack we were telling you about last month, an Austrian researcher has just undermined the security of NFC access cards and shows us how to hack a Tesla in just 130 seconds!
Security vulnerabilities are on the rise at Tesla
Remember, a short month ago, we told you about a flaw discovered by Manchester-based security researchers who could unlock and start a Tesla via a flaw in the Bluetooth Low Energy protocol and a system of relay antenna, our merry fellows had succeeded, video in support, to seize a Tesla Model Y in absolute calm.
Tesla: a major flaw allows you to take control of your vehicle
We owe the find of the day to a certain Martin Herfut, an Austrian researcher specializing in computer science and cybersecurity, who had fun circumventing the limits of unlocking via the car access card and NFC technology, one of the three possible methods to open the car with the phone application and… the key fob.
And although the vast majority of users use their phone (according to Tesla) to unlock their car, the NFC card remains widely used in certain conditions or when you are too lazy to take your phone out of your bag, for example. And that’s where our researcher rushed in.
Remember to activate double authentication by PIN code
Since a previous update, Tesla makes it much easier to start the car after unlocking it through the NFC card. Whereas before you had to place the card on the center console in order to start the vehicle, now you can do anything, including start, for 130 seconds after unlocking…
Concretely, and as can be seen in the short introductory video, during those famous 130 seconds where everything is “permitted”, Martin Herfut succeeded in exchanging data between the targeted car (here Model 3 and Y) and an in-house application which he himself developed, called “Teslakee”, capable of communicating with the car during those famous 130 seconds, enough to register a new key which allows him to naturally take control of the car as if he were was the owner.
According to him, all models are affected, including the most recent such as the Model S and X.. After the hacking by relay antenna and that of the NFC cards, there remains however a method of locking still reliable to this day, the double authentication by code PIN. So of course, we lose a few seconds in the morning when we want everything to be automatic, but at least, without your code, no theft!