Based on the recent Tesla hack, it may be time to upgrade your wallet, purse and key protection.
In August, Josep Pi Rodriguez, an “ethical hacker” and IOActive’s principal security consultant, published a whitepaper on how to hack a Model Y, as reported by The Verge.
The paper shows how two people can use a device such as the Proxmark RDV4 (available online for $340, though sites like Amazon have significantly cheaper versions, Rodriguez says) to break into a Model Y Tesla.
Madrid-based Rodriguez told Entrepreneur that this car hack is revolutionary compared to hacks of the past, and that using the Proxmark (which anyone with the coding skills to create their own firmware can buy online and use) is, he presumes, new.
“This is the first NFC relay attack against a Tesla Model Y.
“The device has never been used in this type of attack, at least in public,” Rodriguez added.
But the hack doesn’t just affect Tesla owners.
It exposes new vulnerabilities and highlights old ones in many other tap-to-unlock car keys, cards and fobs, and in tap-to-pay cards that use NFC, or Near Field Communication, said Deo, president of the Levan Center of Innovation Cybersecurity Advisory Council and 24by7 Security.
“I think everyone should understand this paper and understand the risks,” Deo told Entrepreneur.
How the Model Y Tesla hack happened
Rodriguez’s research whitepaper outlines how two people can hack into a Model Y Tesla.
For background, a Tesla fob, card key, or phone app (like many other digital car unlocking tools) is supposed to talk to your car to make sure a key is nearby before the car unlocks.
Rodriguez showed how hackers can intercept conversations between cars and keys.
First, one person holds a Proxmark device (essentially a radio transmitter and identifier) and approaches someone’s Tesla.
Another person then gets close to the owner’s keycard or phone app with an NFC-enabled device (even just a smartphone). As The Verge points out, this can happen while the owner is walking around outside, standing in line for coffee, or waiting at a table to eat.
The two devices, with the help of WiFi or Bluetooth, relay the conversation your Tesla key would normally have with your car, and the door opens.
In his paper, Rodriguez demonstrated it at short distances, but he theorized that it could be done at long distances.
For example, while traveling, someone could walk up to you with the device and unlock your car at the airport in Miami, Deo said.
“[You] wouldn’t even know the car wasn’t there,” he said. “It’s a pretty sophisticated hack.”
NFC hacking has previously been a concern in the auto industry, and that’s part of the reason this attack is worrying, the paper notes.
“This is becoming a unique NFC attack and that’s why it’s getting so much attention,” said Deo. “If Tesla can do it, other cars with this NFC protocol can do it.”
When it comes to driving the car, Rodriguez told The Verge, hackers would have to go through a second process to create another key to start the car again (or just sell the car parts).
How to protect yourself
Scanning cards in public has long been a risk, says Deo (although it’s not as cost-effective or as easy as stealing cards online). Rodriguez had a recommendation for how Tesla should fix the problem. For the average consumer, it may come down to one major thing: RFID-blocking material, Deo advised.
This lining blocks many types of scanners from reading Tesla keys and regular credit cards. Rodriguez said consumers can at least prevent their cars from being driven away by enabling PIN to Drive on their Tesla vehicles. (Many cars don’t have this option, he told The Verge.)
You can also get phone cases that block RFID, he added.
Tesla didn’t immediately respond to Entrepreneur’s request for comment.
Rodriguez said he disclosed the vulnerability to the company and Tesla said the PIN feature fixes it. He told The Verge that he believes Tesla has “downplayed” the risks, the outlet wrote.
“This feature is optional and may not be used by Tesla owners who are unaware of these issues,” Rodriguez wrote in the paper.