The digital security company NCC Group earlier announced the results of a study that found that millions of door locks using Bluetooth LE technology around the world have vulnerabilities and have the opportunity to be unlocked by hackers. The incident also involves Tesla’s Model 3 and Model Y cars. . Researchers from the NCC Group say it’s possible that the doors might be opened by hackers, who then steal the car.
At present, both Tesla Model 3 and Model Y use Bluetooth LE (BLE) technology, and the owner can unlock and control the vehicle as long as he brings a supported mobile phone within a short distance of the car, without any manual unlocking procedure involved. The hardware used to hack or unlock a car door is so easy to obtain, researchers at the NCC Group say, that hackers can do it from a distance without even being next to the car.
Using a laptop with a small repeater installed, NCC Group researcher Sultan Qasim Khan can connect the owner’s mobile phone to his 2021 Tesla Model Y, opening the doors and driving the car away with ease. Although NCC Groups said the vulnerability appeared in Model 3 and Model Y, all systems using BLE proximity authentication, including smart door locks in residences, access control systems in commercial buildings, smart phones, smart watches, laptops, etc., are also vulnerable. attack.
The NCC Group specifically mentioned that hackers can use the loophole to trick the Bluetooth device into thinking that the user is within the range of effective unlocking. Even if the manufacturer adopts encryption or delay limit as a defense measure, the hacker can still conduct a remote attack in just 10 seconds. Cracked, and the vulnerability can be repeatedly reused. Although there are other car manufacturers using BLE technology on the market, the NCC Group said that it is far less than Tesla’s applications, and they believe that at least 2 million Teslas are at risk of this vulnerability. NCC Group did not propose a complete solution, but also stated that the location authentication of BLE technology is not designed for security projects such as door locks.
Data and picture sources:car blog
unwire.hk Mewe page: https://mewe.com/p/unwirehk