Let’s not cut corners: whatever the locking mode (lock, code, NFC, etc.), no lock is really inviolable. But it’s clear that switching to cloud-based unlocking modes like on Tesla cars exposes new attack surfaces that hackers can exploit.
Martin Herfurt, an Austrian researcher, reports having discovered a new vulnerability that seems to affect all Tesla models. Concretely, hackers can add NFC keys designed by themselves within a certain period of time when the owner of a Tesla has just unlocked his vehicle.
Tesla: a flaw allows hackers to add their own keys without the knowledge of the owner
All this without his knowledge. The NFC card that comes with Tesla cars is one of three ways to unlock the vehicle. Alternatively the user can open the doors with a physical key or its app. The problem of Tesla thefts resulting from hacking is real. The brand has offered several corrective updates to fix the problem.
However, at the same time, the manufacturer also offered updates more focused on improving the unlocking user experience – which seems to be the source of the latest vulnerability. It has in fact been possible for some time to start Teslas from the NFC card without placing the latter in the center console.
For this to work, the system starts a 130 second countdown from unlocking to start the vehicle. However, during this time, many locks are disabled. And it is possible, according to the researcher, to add new dummy keys without any security mechanism preventing it.
The researcher shows the whole procedure in the video. For the trick to work, the pirate simply needs to be within range of the vehicle and add his key. Then it remains only to wait for the owner to return home and park his car. From there, the hacker can unlock and start the car without any break-ins.
The vulnerability has been tested on Model 3 and Y but it likely affects other models as well. To protect yourself, while waiting for a patch to be put online, there is a solution: it is possible to protect the start-up by PIN code. Note, however, that this will not prevent hackers from opening the doors.