Pegasus How easy it is to enter a person’s mobile phone through a simple WhatsApp message, including the mobile of the President of the Government, has put on everyone’s lips, Pedro Sanchez.
The cars are rapidly controlled from a mobile phone that can be used as a key via the brand’s mobile application, which allows you to manage more vehicle functions: heating or cooling the passenger compartment To turn on the heating or air conditioning, manage the charging of an electric vehicle and even be able to steer the vehicle forward or backward to park from outside the vehicle.
Using the mobile as access to the vehicle allows the latter to recognize it as the key And when close and bluetooth is activated, the car opens. This happens across many brands, including Tesla, one of the pioneers in turning the car into an extension of the mobile.
It has been written about it that it is nauseating. Tesla It’s not just a car company. It is a tech giant. This is not only to revolutionize the idea of the traditional dealership, but also to design the self Software and by specific features such as traditional key suppression In favor of mobile. However, the display of modernity and revolution can create major problems in the cyber security sector. According to the firm NCC Group, it is possible to hack some of its most popular models.
Of earlier
Sultan Qasim Kham, a security expert at Manchester-based NCC, believes it is possible to trick Tesla’s systems into thinking the owner is physically close to the vehicle, a theory he published in January. -year-old German security expert, David Colombo, who managed to hack the signals of 25 models of the power giant in different parts of the world.
Colombo explains on his blog how he managed to reach cars through TeslaMate, a tool that tracks vehicles from consumption levels to the history of the car on the road. Dinkelsbhl’s teen took advantage of security flaws in the system to manipulate cars in thirteen different countries, something he did on the owners, not the company.
Qasim has achieved in the test Open Tesla Model 3 and start it Through hacking of BLE (Bluetooth Low Energy) transmission which is between car and mobile or smart key. It is not a new thing that a car can be hacked through Bluetooth. The novelty lies in the fact that the frequency at which the remote control and operation of the vehicle opened by it, years after the first theft, remains a simple back door of the remote control or the interception of communication between the mobile and the car of your car. control.
Through his Twitter account, he explained how he was able to open and close doors and windows and even drive vehicles remotely. However, he denies that they can be operated remotely. “There should be no way anyone can walk up to a Tesla they don’t have and take them for a ride,” Colombo wrote on his blog. In his opinion, this can lead to very dangerous situations along the way.
bluetooth to steal
According to the NCC group, it has evolved a device that costs less than 50 euros Capable of intercepting signals between the hand or mobile and the vehicle concerned within a certain range of action. Specifically, this company states that “since the typical connection interval for this BLE system is 30 milliseconds or more, and the additional latency is within the typical response time variation range for BLE devices, the additional latency can be made invisible.” Software for Vehicles and Phones”.
In addition, this new type of relay attack can relay connections that employ BLE link layer encryption, including tracking encrypted connections through parameter changes (such as channel map changes, connection intervals, and connection times). Includes transmission window scrolling. This retransmission attack tool can be used for any device that communicates via BLE and is not specific to Tesla vehicles,” the NCC states.
iphone 13 mini y tesla model 3
test of The hack involves a 2020 Tesla Model 3 running software v11.0 (2022.8.2) on an iPhone 13 mini running Tesla App version 4.6.1-891.The NCC group was able to unlock and drive the vehicle while the iPhone was out of BLE range of the vehicle.
In the test configuration, the iPhone was placed on the top floor at the far end of a house, about 25 meters from the vehicle, which was in the garage on the ground floor. The phone-side transmitting device was placed in a separate room from the iPhone, about 7 meters from the phone. The Vehicle Side Relay Device was able to unlock the vehicle when placed within approximately 3 meters of the vehicle.
The company states that it has not tested the attack against the Tesla Model Y, but believes it could be used “given the similarities of the technologies used by both models.”
To identify latency limits during the experiment, The NCC group found that the hacks against the Model 3 were still effective with 80ms round-trip latency. Artificially linked to the base level of latency offered by the relay tool on the local Wi-Fi network. This latency margin should be sufficient to perform long-distance relay attacks on the Internet. However, “the NCC group has not attempted long-range relay attacks against Tesla vehicles.”
Safety Pin
NCC claim will be good Enter a security pin or provide an option to disable passive input o Report the last known location of the mobile device during the authentication process with the vehicle to the mobile application, so that the vehicle can detect and reject long-range relay attacks.
Remember that many users wrap their car controls in aluminum foil to avoid hacking, or even in the US, some people put it in the refrigerator to isolate its frequency and not be intercepted goes. More analog treatment than digital. Many might think that this would be solved with a traditional analog key. Digitization has no Plan B in many new models that no longer use physical keys, such as the case of Tesla, whose cars are opened with a card and started by pressing the brake, a functionality that traditional manufacturers such as Volkswagen have used. Copied with their electric or new, such as Polestar.
In fact, one of the main attractions of Tesla is to forget about the key and be able to manage its functions from your mobile.
according to the norms of
know more
