Owners of a Tesla vehicle should immediately activate the Pin2Drive protection system, a code requested before each start. Without this protection, if a pirate manages to create a duplicate of the key, he can leave with the vehicle…
Methods for hacking digital car keys are well known, they regularly crop up in the news. But the flaw found by security researcher Martin Herfurt goes further and allows him to create a duplicate key of the targeted vehicle… and therefore, potentially, to drive away with it!
A vulnerable key
This vulnerability, called “Timer Authorization Attack”, attacks the NFC access card of Tesla, the only manufacturer affected. Until now, obtaining a car’s digital key required a relay attack. The operation consists in positioning a pirate near the motorist in order to capture the signal emitted by the contactless key. A second hacker is placed next to the vehicle and receives the information that allows him to open the door.
A great classic which unfortunately does not really interest car manufacturers. As for Martin Herfurt’s discovery, it relies on a Tesla software update dating back to last August, which changes the start-up procedure. Just open the car and it’s ready to go within 130 seconds.
Simplified unlocking that allows a hacker to enroll an access device via Bluetooth, without any need for authentication: all he has to do is be a few meters from the motorist equipped with his NFC card to create a duplicate of the keys . Martin Herfurt did not reveal the full operating mode and details of his find, but malicious hackers could take advantage of it. To avoid these issues, enabling the Pin2Drive is highly recommended.
Bitdefender Plus Antivirus