Is your Tesla vehicle vulnerable? Perhaps according to the latest discovery of researcher Martin Herfurt. As the story goes 01net based on information from Project Tempa, he has indeed discovered a new attack (“Timer Authorization Attack”) which makes it possible to open a car belonging to billionaire Elon Musk without being its owner. According to our colleagues, all the hacker has to do is create a new key for the car he wants to steal. Because the NFC card technology, which remains the third means of access to a Tesla, evolved last summer. Until then, you had to approach the windshield and then place it on the middle console to start the vehicle, recalls 01net.
Now, all you have to do is approach the car with the new key and the engine is ready to start for about 130 seconds. And this, because the driver can access his vehicle thanks to a Bluetooth system. And this is the problem identified by Martin Herfurt, because anyone picking up the Bluetooth signal can duplicate the remote keys. He accompanied his finding with a video. For this, he used an application similar to PhoneKey but whose protocol is “malicious”. Even if the process is not given to everyone, it is feasible, which is why Martin Herfurt asks to be careful and above all not to “give everyone their key” so that it is not “hacked “.
Few secure models
Martin Herfurt hasn’t released the app, but if hackers stumble upon it, the risk, notes 01net, is that smart guys don’t market it afterwards. Already in May, a security researcher had revealed that passive devices based on Bluetooth made it possible to make vulnerable the security of a Tesla by a relay attack. Already the manufacturer’s contactless key was concerned. It is enough for a hacker to position himself near the owner of the vehicle, pick up the signal and transmit it to another hacker who can then open it. In February, the ADAC association had also tested 501 car models, and only 23 could not be stolen thanks to a relay attack. As far as Teslas are concerned, there is a simple way to protect yourself from these attacks: secure the start-up with a secret code.