Tesla’s key system failure makes it easy to steal your car in just 2 minutes

Tesla’s key system failure makes it easy to steal your car in just 2 minutes

One has been identified Serious flaw in Tesla’s electric car authentication system. Is possible to steal in approximately two minutes a car through a non-compliance found in way vehicles deal with keys based on NFC technology (Near field communication). Through a specific approach, an individual can do it open the doors of a car, start the engine i register new keys without official application – or the authorizations that would normally be required.

Watch the video hosted on YouTubeillustrating the situation explained:

EL proof of concept was presented by Martin Herfurt. The vulnerability was discovered after an official software change was implemented in August, when the Tesla released an update modifying the key management mechanism NFC. Previously, it would have been necessary for them to be on the control panel of the vehicle full time; however, with the modification, doors were allowed to open and exit only with the approximation of authentication cards.

Fault found in the first 130 seconds of the procedure. According to the explanation of Herfurt, as published on this website:

“Not only is a general permit given to operate in this interval, but the tasks performed are not revoked after the deadline; the car does not stop, if it detects that the key is out of reach, for example. In addition, during the period, the system exchanges information with low-power Bluetooth devices, which allowed the specialist to create an application that allows you to register a new NFC key as if it belonged to the car owner.

The expert also showed how it would be possible to block other methods of accessing the car, such as mobile applications and physical keys, to force the use of NFC, allowing an attacker to register a key in two minutes to steal the vehicle later.

The procedure is applied without notice from the official app, or even from the vehicle. The step of registering a key not recognized by the owner is done anonymously. The breach was exploited in the Tesla Model Y i Model 3. Although, Herfurt he says all cars with the system to drive en NFC they are vulnerable the invasion.

Continue after advertising

For security reasons, the details needed to fully replicate the attack will not be revealed, but the officer confirmed that he will release a limited version of the Teslakee, the scanning application – it will not be possible criminals to take advantage of software to steal cars with the mentioned features.

On social media, some users claim that they have already informed the manufacturer of other similar problems not long ago. So fara Tesla has not made any official comments.


Are you thinking of buying a product online? Discover the Save the Connected World extension for Google Chrome. It’s free and offers price comparisons to major stores and coupons so you can always shop at the best price. Download now.

Via: canaltech.com.br


Leave a Comment

Your email address will not be published.