Security researchers have demonstrated a new Bluetooth relay attack that can remotely unlock and operate some Tesla vehicles.
The vulnerability lies in Bluetooth Low Energy (BLE), the technology used by Tesla’s entry system that allows drivers with the app or key fob to unlock and operate their car from nearby. Most devices and vehicles that rely on this kind of proximity-based authentication are designed to protect against a range of relay attacks, which typically work by capturing the radio signal used for unlocking a vehicle, for example, and replaying it again as if it were an authentic request, by using encryption and introducing checks that can make relay attacks more difficult.
But researchers at U.K.-based NCC Group say they have developed a tool for conducting a new type of BLE link-layer relay attack that bypasses existing mitigations, theoretically enabling attackers to remotely unlock and operate vehicles.
Sultan Qasim Khan, a senior security consultant at NCC Group, said in a blog post that it tested the attack against a 2020 Tesla Model 3 using an iPhone 13 mini running a recent but older version of the Tesla app. The iPhone was placed 25 meters away from the vehicle, according to the researchers, with two relaying devices between the iPhone and the car. Using the tool, the researchers were able to...
Continue Reading Here
Image Here