It was reported on June 9, Beijing time that last year, Tesla released an upgrade package. Users can start the engine without putting the card on the console after using the NFC key card to open the door A researcher proved that hackers can use this function to easily steal users' electric cars
Hackers can quietly change Tesla car keys within 130 seconds
Martin Herford, an Australian security researcher, quickly pointed out the "weirdness" of this function: it not only enables the car to start automatically within 130 seconds after using the NFC card to open the door, but also makes the car in a state that can accept a new key - there will be no authentication of the user's identity, and the on-board display screen will not display any prompt information.
In an interview, hefford said, "Tesla introduced this timer to make it easier for users to control the car through the NFC card. Users can drive without using the NFC card for the second time. The problem is that within 130 seconds, users not only get the permission to drive, but also get the permission to register new keys."
Unless connected to the user account, Tesla mobile app is not allowed to register a new password, but heft found that the car will still "happily" exchange information with nearby ble (low-energy Bluetooth) devices. Hefford has developed an app called teslakee, which shows that hackers can easily register their own keys within 130 seconds.
The only requirement for hackers to use teslakee to secretly register their own key is that the distance from Tesla electric vehicle within 130 seconds after opening the door does not exceed ble signal transmission distance. When the car owner uses the mobile app to open the door, the hacker can force the car owner to use the NFC card through interference signals and take the opportunity to register his own key.