Tesla hackers have found a vulnerability with an NFC relay hack but there’s a catch. Thieves will have to work in pairs and get close to the NFC chip or smartphone.
According to IOActive, the relay attack needs two attackers. One uses the Proxmark device at the vehicle’s NFC reader. The other uses any NFC-capable device close to a Tesla owner’s NFC card or smartphone. The team is then able to use Bluetooth to communicate between the devices and replicate the key to one of the thieve’s smartphones.
This new demonstration comes a few days after the National Highway Traffic Safety Administration (NHTSA) recently released an update to its 2016 edition of its Cybersecurity Best Practices for the Safety of Modern Vehicles. Dr. Steven Cliff, NHTSA’s Administrator emphasized the need for cybersecurity to be a top priority for every automaker, developer, and operator.
According to the agency, a layered approach to vehicle cybersecurity reduces the probability of a successful attack while mitigating the ramifications of unauthorized vehicle system access. The NHTSA also added that public key cryptography techniques are more secure than symmetric keys valid across multiple vehicles.
In 2018, Tesla began rolling out the PIN to Drive feature and improved cryptography for its key fobs as a response to several Tesla vehicle thefts through relay attacks in Europe.
In 2019, Tesla began releasing over-the-air software updates addressing the findings of Lennert Wouters of Katholieke Universiteit Leuven in Belgium (KU Leuven). Wouters discovered a security flaw that allowed car thieves to clone a key fob in less than two seconds. Tesla’s solution included the PIN to Drive, a software update, and a new fob that made the Tesla Models S and X almost 90% less likely to get stolen than the average car.
The new demonstration may show a vulnerability if thieves are dedicated enough to work at it, but Tesla is pretty fast at addressing these flaws. However, all car owners, whether they own an EV or not, should always be aware of their surroundings. You can watch IOActive’s demonstration video below.
Note: Johnna is a Tesla shareholder and supports its mission.
Your feedback is important. If you have any comments, or concerns, or see a typo, you can email me at johnna@teslarati.com. You can also reach me on Twitter at @JohnnaCrider1.
Teslarati is now on TikTok. Follow us for interactive news & more.
