One has been identified Serious flaw in Tesla’s electric vehicle authentication system. It’s possible steal in about a couple of minutes car through violation find in like vehicles deal with keys based on NFC technology (short range radio). Using a certain approach, a person can open doors car, start the engine as well as register new keys without official app – or permissions that are normally required.

Watch the video posted on YouTubeillustrating the situation explained:

OUR proof of concept was presented Martin Herfurt. The vulnerability was discovered following an official software change implemented in August, when Tesla released an update that changed the mechanism for working with keys in NFC. Previously, they needed to be constantly on the dashboard of a car; however, with the modification, they were allowed to open the doors and drive out only with approach authentication cards.

Tesla: US agency received 758 reports of brake problems in manufacturer’s vehicles
The manufacturer has until June 20 to respond to requests from agents.

Fault was found in the first 130 seconds procedures. According to the explanation Herfurt, as published on that website:

“Not only is a general authorization given to operate during this interval, but tasks in progress are not withdrawn after this period; the machine does not stop if it detects, for example, that the key is not within reach. In addition, during this period, the system exchanged information with Bluetooth low energy devices, which allowed the specialist to create an application that allows you to register a new NFC key as if it belonged to the car owner.”

The procedure is applied without warning from the official app – or even from the car. The step of registering a key that is not recognized by the owner is performed anonymously. Violation was used in Tesla Model Y as well as Model 3. Although, Herfurt He speaks all cars with the system drive in NFC vulnerable Invasion.

For security reasons the details needed to fully replicate the assault have not been released, but the official has confirmed he will be releasing a limited edition. teslaki, research application – it will be impossible criminals to take advantage of car theft software with specified characteristics.

In social networks, some users claim that not so long ago they already reported other similar problems to the automaker. Until the momenta Tesla has not officially commented..

…..

Thinking about buying goods online? Discover the Save the Connected World extension for Google Chrome. It’s free and offers you price comparisons at major stores and coupons so you can always buy at the best price. Download now.

Via: canaltech.com.br