Teslas can easily be stolen using a self-made app

Austrian security researcher Martin Herfort Discover a security vulnerability in Teslas. This allows a duplicate digital key to be stored in the electric vehicle for later unlocking and drive away.

Smartphone as key, FOB card and NFC

There are 3 ways to unlock electric Tesla cars. The most convenient way is smart phone. The car recognizes a nearby smartphone via Bluetooth and opens the doors. Tesla also sells an optional one fob, which is used as a radio switch. Method number 3 is one NFC card. If you buy a Tesla, you will get 2 of them. You also need this to activate the smartphone as a key for the first time using the Tesla app.

This is where Herfort comes in. In a video, he shows that a self-programming app is enough for Tesla Model 3 To cheer their key.

After the owner uses the NFC card to unlock the Tesla, the car accepts it 130 seconds Bluetooth connections LE. During this time, the official Tesla app can communicate with the car to turn the smartphone into a car key. The Tesla app has an online query to authenticate the owner – but this is not part of the car’s phone connection.

The private app generates keys for Tesla

According to Herfurt, any key can be sent to Tesla within 130 seconds, as long as it uses Tesla’s private key. VCSEC Protocol he follows. He made an “evil” version of his own “TeslaKee” app.

If an NFC card is used to unlock or lock the Tesla, all you have to do is be within the Bluetooth range of the electric car with your smartphone. Tesla gives out its private key via its app. You don’t notice any of that in a Tesla. There is no notification on the screen, and no security check to establish a secure connection.

Once the Tesla is stable and the driver is gone, they can simply use their TeslaKee app to unlock the car, get in, and drive. According to Herfurt, you can induce the owner to use an NFC card, for example using a file bluetooth jammer uses. Since the car no longer reacts to unlocking via the smartphone, the NFC card is pulled out. By the way, Tesla recommends always carry an NFC card with you, even if you use a cell phone as a key – in case the battery is dead or stolen.

Danger in the workshop and valet parking

Another scenario for this attack is when an NFC card is shared in a short time. This may be when you put the car in Workshop brings or in the hotel or the valet parking Give. An attacker could smuggle his private key to a Tesla using such an app and steal the car days or weeks later at a good chance.

annoying hot Herfurt tested the gap with the Model 3 and Y because they support smartphone key functionality. He suspects that the younger variants of the S and X are also vulnerable as they also support the smartphone as a key. But he wasn’t able to test it yet. According to him, he reported the problem to Tesla, but he has not yet received a response.