Tesla “Phone-as-a-Key” Passive Entry Vulnerable To Relay Attacks – Expert Comments

Researchers at NCC Group have created a new type of Bluetooth Low Energy (BLE) relay attack that can bypass existing relay attack protections. Excerpts:

  • The Tesla Model 3 and Model Y employ a Bluetooth Low Energy (BLE) based passive entry system. This system allows users with an authorized mobile device or key fob within a short range of the vehicle to unlock and operate the vehicle, with no user interaction required on the mobile device or key fob.
  • NCC Group has developed a tool for conducting a new type of BLE relay attack …
  • This approach can circumvent the existing relay attack mitigations … and bypass localization defenses…
  • If an attacker can place a relaying device within BLE signal range of a mobile phone or key fob authorized to access a Tesla Model 3 or Model Y, they can conduct a relay attack to unlock and operate the vehicle.
3 Expert Comments
Ron Bradley
InfoSec Expert
May 18, 2022 4:07 pm

The smarter they are…the harder they fall! But wait one minute. I have a lot of smart devices myself. I depend on them every day. Am I concerned? Absolutely. Am I worried? Not at all, because just like all other security tactics, you must have a layered defense whereby smart devices monitor other smart devices. If one layer fails or is breached, that’s the job of the secondary devices to detect, protect, and in some instances respond to an event.

The Internet of Things (IoT) devices are a way of life today. They can be industrial in nature, or simple things on your table, wall, or door which makes your life easier. Regardless, the most important lesson we can learn from this new relay attack is to have multiple layers of defense. Having a single point of failure should never be an option.

Garret F. Grajek
InfoSec Expert
May 18, 2022 4:09 pm

Software has as many holes controlling a h/w device as it does controlling a s/w appliance like a web site or database. It is imperative that the rules of least privilege (NIST 800-53, PR-AC-6) are followed for physical access as for software access. Bluetooth is a collection of dozens of individual libraries integrated by multiple vendors with multiple variations. Flaws exist and will be exploited; enterprises must practice zero trust and identity governance on hardware as they do software, cites Garret Grajek, CEO of YouAttest, a cloud-based identity audit firm.

Dave Cundiff, Vice President
InfoSec Expert
May 18, 2022 4:10 pm

As we continue to improve our collective convenience through the use of technology, there will always be these concerns. For each move forward in the use of technology, when there is a benefit to be had, there will be a way to take advantage of the new tech. The question, in addition to it being possible, is what is the cost of entry? Anytime you are performing a risk assessment, the question is also how easy is it for someone to be able to exploit the vulnerability? Right now, if I have a vehicle which has a key lock with no transponder, a thief can leverage a piece of wire and some practice to be able to steal my vehicle; that is a very low barrier for exploitation. In this case, there needs to be at least two devices, one with proximity to the “key” and one with proximity to the vehicle. It is not an impossible barrier of entry but would require a greater level of difficulty to achieve.

The other side of the risk assessment is motivation. If it is stealing a Tesla vehicle, there is quite a bit of available material in a Tesla which could be stripped for payment on a secondary market. While from a security perspective we need to continue to protect and improve technology from attack, I contend we as a society need to think about reducing the need for people to feel as though they have to take from someone else to allow them to live, which is really the end motivation.
