Yet another flaw in Tesla’s security measures has been uncovered by security researchers that could make stealing a vehicle easier. This time, potential thieves could use a 130-second period after a vehicle is unlocked in order to effectively cut their own digital key.
The defect was noticed by Martin Herfurt, a security researcher in Austria who has found other security flaws related to the company in the past. This time, he has discovered a weakness that seems to have formed after an update from last August that allowed drivers to start their Tesla immediately after unlocking it with an NFC key card without placing the key card on the center console.
The update is meant to make taking off more convenient by giving the driver 130 seconds to start their vehicle without any additional steps. The problem is, though, that for that period of time, the vehicle is put in a state to accept new keys without authentication. The vehicle also does nothing to inform the driver if a new key has been registered using this method.
Although Tesla’s phone app doesn’t allow new keys to be registered unless it’s connected to the owner’s account, Herfurt found that the vehicle will talk to any Bluetooth Low Energy (BLE) device that’s in the vicinity. So he built an app that speaks the same “language” as the official Tesla app and uses it to communicate with the car.
“The authorization given in the 130-second interval is too general… [it’s] not only for drive,” Herfurt told Ars Technica. “There is no connection between the online account world and the offline BLE world. Any attacker who can see the Bluetooth LE advertisements of a vehicle may send VCSEC messages to it.”
In a video, the hacker demonstrated that if he was near a vehicle when it was being unlocked with the NFC key card, he could use his app to effectively cut his own key and later steal the vehicle. He admits that this might be a little cumbersome to accomplish in the real world, but by doing it he had the power to unlock, start, and stop a vehicle with his app, all without the owner ever being made aware. Herfurt said he has tried the device on both the Model 3 and Y and, although he hasn’t actually done it on the latest Model S and X, he expects that they are also vulnerable to this attack.
This sounds a bit like another weakness discovered in May by researchers in the U.K. They also exploited BLE vulnerabilities but instead of cutting a new key, as it were, they used two devices to act as a relay between a key and the car in order to unlock and start it.
Tesla has not made public comments on either security weakness and Herfurt said he isn’t holding his breath waiting for it to address the issue. He, therefore, recommends being very careful about how and when you use your NFC key card.
He also recommends that drivers set up Pin2Drive to prevent thieves from being able to actually start the car, though that does nothing to prevent them from unlocking a vehicle. This means that owners may just have to check the list of keys authorized to start their vehicles on a regular basis in order to ensure that they’re aware of every key on the list.
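The flaw as described comes down to one authorization window covering two different actions, driving and key enrollment. The following Python sketch is an added illustration, not code from Herfurt or Tesla: it models the 130-second window with and without per-action scoping, plus the key-list check recommended above. The `Vehicle` class, the key names, the `card_presented` requirement and the owner alert are assumptions made for the model.

```python
# Constructed model for illustration; not Tesla firmware and not the VCSEC protocol.
from dataclasses import dataclass, field
from typing import Optional

WINDOW_SECONDS = 130  # interval after an NFC key card unlock, per the article


@dataclass
class Vehicle:
    scoped: bool  # False: window authorizes everything; True: window authorizes driving only
    keys: set = field(default_factory=lambda: {"owner-card"})
    unlocked_at: Optional[float] = None
    owner_alerts: list = field(default_factory=list)

    def nfc_unlock(self, now: float) -> None:
        self.unlocked_at = now

    def window_open(self, now: float) -> bool:
        return self.unlocked_at is not None and 0 <= now - self.unlocked_at <= WINDOW_SECONDS

    def can_drive(self, now: float) -> bool:
        return self.window_open(now)

    def enroll_key(self, key_id: str, now: float, card_presented: bool = False) -> bool:
        # Unscoped: the convenience window doubles as authorization to add keys.
        # Scoped (hypothetical fix): enrollment needs its own explicit card presentation.
        allowed = card_presented if self.scoped else self.window_open(now)
        if allowed:
            self.keys.add(key_id)
            if self.scoped:
                self.owner_alerts.append(f"key enrolled: {key_id}")
        return allowed


def unexpected_keys(vehicle: Vehicle, known: set) -> set:
    """The manual check the article recommends: keys the owner cannot account for."""
    return vehicle.keys - known


def run(scoped: bool):
    car = Vehicle(scoped=scoped)
    car.nfc_unlock(now=0)
    enrolled = car.enroll_key("unknown-ble-device", now=45)  # inside the window, no card
    return car.can_drive(now=45), enrolled, unexpected_keys(car, {"owner-card"})


if __name__ == "__main__":
    print("unscoped:", run(scoped=False))
    print("scoped:  ", run(scoped=True))
```

In both policies the driver can still start the car inside the window; only the scoped policy keeps that convenience from also admitting a new key, and only it leaves the owner a record of enrollment.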