In 130 seconds: A new Tesla hack allows thieves to get their personal keys

Gone in 130 seconds: New Tesla hack gives thieves their own personal key


Tesla released an update last year that made it easier to start its vehicles after they were unlocked with their NFC keys. A researcher has now shown how this feature can be used to steal cars.

For years, Tesla NFC card holders had to insert the card into the console in order to unlock their car. Following the update, which was reported here last August, drivers could operate their cars immediately after unlocking them with the card. NFC cards are one of three ways to unlock a Tesla; a key fob and a smartphone app are the other two.

An image from Herfurt's recent presentation at the REcon conference in Montreal.

https://trifinite.org/Downloads/20220604_tempa_presentation_recon22_public.pdf

Enrolling your own key

Martin Herfurt, a security researcher in Austria, quickly noticed something odd about the new feature: Not only did it allow the car to automatically start within 130 seconds of being unlocked with the NFC card, but it also put the car in a state to accept entirely new keys–with no authentication required and zero indication given by the in-car display.

“The authorization given in the 130-second interval is too general… [it’s] not only for drive,” Herfurt said in an online interview. “This timer was introduced by Tesla… to make it easier to use the NFC card for primary purposes. The car should be able to be started and driven with the key card not having to be used twice. The problem: within the 130-second period, not only the driving of the car is authorized, but also the [enrolling] of a new key.”
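The over-broad grant described above can be modelled as a small authorization state machine. The Python sketch below is an added illustration, not Tesla's code or Herfurt's tooling; every class, method and field name is hypothetical. It compares a vehicle whose post-unlock window authorizes any request with one where the window covers driving only, enrollment needs separate owner authentication, and new keys are reported on the display.

```python
# Added illustration: a toy model of the authorization window, not Tesla's code.
# All class, method and field names are hypothetical.
from dataclasses import dataclass, field
from typing import Optional

WINDOW_SECONDS = 130  # interval length stated in the article


@dataclass
class Vehicle:
    scoped: bool                                   # True = the NFC tap authorizes driving only
    keys: set = field(default_factory=lambda: {"owner-card"})
    display: list = field(default_factory=list)    # messages shown to the driver
    tap_time: Optional[float] = None               # time of the last valid NFC unlock

    def nfc_unlock(self, card: str, now: float) -> bool:
        if card not in self.keys:
            return False
        self.tap_time = now                        # opens the post-unlock window
        return True

    def window_open(self, now: float) -> bool:
        return self.tap_time is not None and 0 <= now - self.tap_time <= WINDOW_SECONDS

    def start_drive(self, now: float) -> bool:
        return self.window_open(now)

    def enroll_key(self, new_key: str, now: float, owner_auth: bool = False) -> bool:
        if self.scoped:
            allowed = owner_auth                   # enrollment needs its own authentication
        else:
            allowed = owner_auth or self.window_open(now)   # over-broad grant
        if allowed:
            self.keys.add(new_key)
            if self.scoped:
                self.display.append(f"New key enrolled: {new_key}")
        return allowed


def simulate(scoped: bool) -> dict:
    """Owner taps at t=0; an unauthenticated enrollment request arrives at t=20."""
    car = Vehicle(scoped=scoped)
    car.nfc_unlock("owner-card", now=0)
    return {
        "can_drive": car.start_drive(now=10),
        "stranger_enrolled": car.enroll_key("unknown-device", now=20),
        "keys": sorted(car.keys),
        "display": list(car.display),
    }
```

In both configurations the owner can still drive without a second tap; only the unscoped one silently gains a second key.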

The official Tesla phone app does not allow keys to be enrolled, unless it is connected to an owner’s account. However, Herfurt discovered that the vehicle will happily exchange messages with any Bluetooth Low Energy (BLE) device nearby. So the researcher built his own app, named Teslakee, that speaks VCSec, the same language that the official Tesla app uses to communicate with Tesla cars.

A malicious version of Teslakee that Herfurt designed for proof-of-concept purposes shows how easy it is for thieves to surreptitiously enroll their own key during the 130-second interval. (The researcher intends to eventually release a benign Teslakee that will make it harder for such attacks to be carried out.) The attacker uses the Teslakee app to exchange the VCSec messages that enroll the new key.

All that’s required is to be within range of the car during the crucial 130-second window of it being unlocked with an NFC card. If a vehicle owner normally uses the phone app to unlock the car–by far the most common unlocking method for Teslas–the attacker can force the use of the NFC card by using a signal jammer to block the BLE frequency used by Tesla’s phone-as-a-key app.

This video shows the attack in action.

Gone in under 130 Seconds.

As the driver enters the car after unlocking it with an NFC card, the thief begins exchanging messages between the weaponized Teslakee and the car. Before the driver has even driven away, the messages register a key for the thief. The thief can then use that key to unlock, start and turn off the vehicle. Neither the in-car display nor the official Tesla app indicates that anything is wrong.

Herfurt successfully attacked Tesla Models 3 and Y. He hasn’t tested the method on the new 2021+ facelift models of the S and X, but he presumes they are also vulnerable because they use the same native support for phone-as-a-key with BLE.

Tesla did not respond to an email requesting comment on this post.


USB logos finally make sense, thanks to a redesign



Author: Mark Hachman, Senior Editor

As PCWorld’s senior editor, Mark focuses on Microsoft news and chip technology, among other beats. He has formerly written for PCMag, BYTE, Slashdot, eWEEK, and ReadWrite.


Cheaper OLED monitors might be coming soon



Author: Michael Crider, Staff Writer

Michael is a former graphic designer who’s been building and tweaking desktop computers for longer than he cares to admit. His interests include folk music, football, science fiction, and salsa verde, in no particular order.


New Pixel Watch leak reveals watch faces, strap styles and more




The Google Pixel Watch is incoming
(Image credit: Google)

We’re expecting the Google Pixel Watch to make its full debut on Thursday, October 6 – alongside the Pixel 7 and the Pixel 7 Pro – but in the meantime a major leak has revealed much more about the upcoming smartwatch.

Seasoned tipster @OnLeaks has posted the haul, which shows off some of the color options and band styles that we can look forward to next week. We also get a few shots of the watch interface and a picture of it being synced with a smartphone.

Watch faces are included in the leak too, covering a variety of different approaches to displaying the time – both in analog and digital formats. Another image shows the watch being used to take an ECG reading to assess heartbeat rate.

Just got my hands on a bunch of #Google #PixelWatch promo material showing all color options and Watch Bands for the first time. Some details revealed as well…@Slashleaks 👉🏻 https://t.co/HzbWeGGSKP pic.twitter.com/N0uiKaKXo0 (October 1, 2022)

Full colors

If the leak is accurate, then we’ve got four silicone straps on the way: black, gray, white, and what seems to be a very pale green. Leather straps look to cover black, orange, green and white, while there’s also a fabric option in red, black and green.

We already know that the Pixel Watch is going to work in tandem with the Fitbit app for logging all your vital statistics, and included in the leaked pictures is an image of the Pixel Watch alongside the Fitbit app running on an Android phone.

There’s plenty of material to look through here if you can’t wait until the big day – and we will of course be bringing you all the news and announcements as the Google event unfolds. It gets underway at 7am PT / 10am ET / 3pm BST / 12am AEDT (October 7).


Analysis: a big moment for Google

It’s been a fair while since Google launched itself into a new hardware category, and you could argue that there’s more riding on the Pixel Watch than there is on the Pixel 7 and Pixel 7 Pro – as Google has been making phones for years at this point.

While Wear OS has been around for a considerable amount of time, Google has been leaving it to third-party manufacturers and partners to make the actual hardware. Samsung recently made the switch back to Wear OS for the Galaxy Watch 5 and the Galaxy Watch 5 Pro, for example.

Deciding to go through with its own smartwatch is therefore a big step, and it’s clear that Google is envious of the success of the Apple Watch. It’s the obvious choice for a wearable for anyone who owns an iPhone, and Google will be hoping that Pixel phones and Pixel Watches will have a similar sort of relationship.

What’s intriguing is how Fitbit fits in – the company is now run by Google, but so far we haven’t seen many signs of the Fitbit and the Pixel lines merging, even if the Pixel Watch is going to come with support for the Fitbit app.

Dave is a freelance tech journalist who has been writing about gadgets, apps and the web for more than two decades. Based out of Stockport, England, on TechRadar you’ll find him covering news, features and reviews, particularly for phones, tablets and wearables. Working to ensure our breaking news coverage is the best in the business over weekends, David also has bylines at Gizmodo, T3, PopSci and a few other places besides, as well as having spent many years editing the likes of PC Explorer and The Hardware Handbook.


Copyright © 2022 Xanatan