SoylentNews is people

posted by hubie on Saturday June 11 2022, @02:46AM
from the sharing-is-caring dept.

You may want to think twice before giving the parking attendant your Tesla-issued NFC card.

Last year, Tesla issued an update that made its vehicles easier to start after being unlocked with their NFC key cards. Now, a researcher has shown how the feature can be exploited to steal cars.

For years, drivers who used their Tesla NFC key card to unlock their cars had to place the card on the center console to begin driving. Following the update, which was reported here last August, drivers could operate their cars immediately after unlocking them with the card. The NFC card is one of three means for unlocking a Tesla; a key fob and a phone app are the other two.

Martin Herfurt, a security researcher in Austria, quickly noticed something odd about the new feature: Not only did it allow the car to automatically start within 130 seconds of being unlocked with the NFC card, but it also put the car in a state to accept entirely new keys—with no authentication required and zero indication given by the in-car display.
[...]
The official Tesla phone app doesn't permit keys to be enrolled unless it's connected to the owner's account, but despite this, Herfurt found that the vehicle gladly exchanges messages with any Bluetooth Low Energy, or BLE, device that's nearby. So the researcher built his own app, named Teslakee, that speaks VCSec, the same language that the official Tesla app uses to communicate with Tesla cars.

A malicious version of Teslakee that Herfurt designed for proof-of-concept purposes shows how easy it is for thieves to surreptitiously enroll their own key during the 130-second interval.

Related, but different BLE attack: New Bluetooth hack can unlock your Tesla—and all kinds of other devices


  • (Score: 0, Interesting) by Anonymous Coward on Saturday June 11 2022, @02:51AM (5 children)

    Unlocked - great. Now you have 26 more problems, the 26 cameras in and around every one of the spymobiles, which in this case are going to send millions of frames of video of your face to Uncle Elon's HQ.

    • (Score: 0) by Anonymous Coward on Saturday June 11 2022, @04:05AM (2 children)

      How much do you make as a Mechanical Turk trolling for Muskie?

      • (Score: 0) by Anonymous Coward on Saturday June 11 2022, @05:21AM

        12 rupees a day, thanks for asking.

      • (Score: -1, Troll) by LonesomeRhodes on Saturday June 11 2022, @06:56AM

        I hear aristarchus is banned from hijacking Teslas. Just saying.

    • (Score: 1, Touché) by Anonymous Coward on Saturday June 11 2022, @05:11AM

      Here's my face [kget.com].
      And here's your tesla the next day [wp.com]
      Enjoy your technology, sucker.

    • (Score: 0) by Anonymous Coward on Saturday June 11 2022, @05:18AM

      Synergies then with Elon's other company, Twitter.

      Stolen identity = more tweets.

  • (Score: 0) by Anonymous Coward on Saturday June 11 2022, @11:29AM

    Worry about somebody being near the car when you have the NFC near it?

  • (Score: 0) by Anonymous Coward on Saturday June 11 2022, @04:34PM

    Hasn't Elon been there for a while now??
