1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Hackers can steal your Tesla via Bluetooth

    From TechnologyDaily@1337:1/100 to All on Wed May 18 19:00:04 2022
    Hackers can steal your Tesla via Bluetooth

    Date:
    Wed, 18 May 2022 17:57:17 +0000

    Description:
    Tesla tells users to use the PIN to Drive feature as it works on a fix.

    FULL STORY ======================================================================

    The lines between virtual and physical damage from cyberattacks are blurring even further after a new method of stealing a Tesla car using Bluetooth technology was uncovered.

    A team of researchers from NCC Group built a tool that is capable of mounting a Bluetooth Low Energy (BLE) relay attack, successfully bypassing all
    existing protections and authenticating on target endpoints.

    While this type of attack works pretty much the same on all kinds of devices, from smartphones to smart locks, researchers opted for a Tesla car.
    Successful experiment

    In laymans terms, the attack works by squeezing the attacker in between the legitimate Bluetooth sender and receiver devices. That way, the attacker gets to manipulate the data going into the receiving device (in this particular case, the Tesla car).

    The only challenge with this method is that the attacker needs to be in relative proximity to both the victim, and the target device.

    As an experiment, the researchers used a 2020 Tesla Model 3, and an iPhone 13 mini, running version 4.6.1-891 of the Tesla app. They used two relay
    devices, one located seven meters away from the phone, and the other one located three meters from the car. The overall distance between the phone and the car was 25 meters. The experiment was a success. Read more

    How Bluetooth can be an attack gateway


    Billions of Wi-Fi and Bluetooth devices vulnerable to password and data
    theft attacks


    Bluetooth security holes open door to device impersonation attacks

    "NCC Group was able to use this newly developed relay attack tool to unlock and operate the vehicle while the iPhone was outside the BLE range of the vehicle," the researchers concluded.

    Later, the team successfully conducted the same experiment on a 2021 Tesla Model Y.

    After sharing the findings with Tesla, the company said relay attacks were a known limitation of the passive entry system.

    To defend from relay attacks, users can disable the passive entry system and switch to an alternative method of authenticating, preferably one that requires user interaction. They should also use the PIN to Drive feature, to make sure no one can drive away with the vehicle, even if they successfully manage to open it. Keep yourself safe online with the best endpoint
    protection software

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/hackers-can-steal-your-tesla-via-bluetooth/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)