- An automotive cybersecurity firm found that it could still hack Teslas that use updated ultra-wideband (UWB) radio frequencies.
- Two other brands with UWB hardware also exhibit the same security vulnerabilities.
- The testers suggest that all Tesla owners begin to use their “Pin to Start” feature.
Modern-day relay attacks underscore the extensive reliance on radio signals in contemporary vehicles. Specifically, by utilizing a low-cost relay device, attackers intercept a radio signal emitted by the genuine key and relay it to the vehicle to gain access and, in some instances, even drive away.
Despite the adoption of ultra-wideband (UWB) radio signals in several new cars, including the Tesla Model 3, touted for their enhanced security, a cybersecurity firm in China claims that breaking in with a relay attack remains just as feasible.
Read: Chevy Camaro Thefts Up 1,000% In LA, Cars Sold For $2K On Social Media
The firm is GoGoByte out of Bejing and it says that in testing, it’s successfully used relay attacks to hack into three brands of cars including Teslas. It’s not releasing the names of the other brands as it’s still in the process of disclosure with them. Regardless, it appears to prove that fighting relay attacks is something automakers need to keep working on.
To date, the safest way for owners to protect a car that uses radio signals is to keep the key in a Faraday bag between uses. When they don’t, they’re susceptible to the attack that GoGoByte used. Specifically, it showed Wired a video of the team using a relay attack to enter a Tesla from 15 feet away. That might sound like very far but it’s enough for someone to unlock the car as the owner sits in a coffee shop or stands relatively nearby.
According to GoGoByte founder Jun Li, “It’s a warning for the mass public: Simply having ultra-wideband enabled doesn’t mean your vehicle won’t be stolen.” At the same time, he’s confident that Tesla could fix this issue at some stage in the future. “I think Tesla will be able to fix this because they have the hardware in place,” says Li. “But I think the public should be notified of this issue before they release the secure version.”
The solution for now, at least for Tesla owners, is to use the vehicle’s off-by-default “Pin To Drive” feature. It requires the driver to enter a four-digit PIN before the vehicle will move. Of course, this won’t stop a relay attack from gaining entry to the car in the first place. It’ll just keep it from driving away.
Interestingly, these findings could affect Chevrolet owners too. The Camaro is the subject of a lawsuit alleging that Chevrolet was negligent when it didn’t use ultra-wideband signals with its key fobs. This appears to prove that as Li says “it’s still just like the good old days for the thieves.” In theory, UWB could still lead to increased safety but if and when that day comes is still up in the air.
Commercials Cooperation Advertisements:
(1) IT Teacher IT Freelance
立刻註冊及報名電腦補習課程吧!
电子计算机 -教育 -IT 電腦班” ( IT電腦補習 ) 提供一個方便的电子计算机 教育平台, 為大家配對信息技术, 電腦 老師, IT freelance 和 programming expert. 讓大家方便地就能找到合適的電腦補習, 電腦班, 家教, 私人老師.
We are a education and information platform which you can find a IT private tutorial teacher or freelance.
Also we provide different information about information technology, Computer, programming, mobile, Android, apple, game, movie, anime, animation…
(2) ITSec
www.ITSeceu.uk
Secure Your Computers from Cyber Threats and mitigate risks with professional services to defend Hackers.
ITSec provide IT Security and Compliance Services, including IT Compliance Services, Risk Assessment, IT Audit, Security Assessment and Audit, ISO 27001 Consulting and Certification, GDPR Compliance Services, Privacy Impact Assessment (PIA), Penetration test, Ethical Hacking, Vulnerabilities scan, IT Consulting, Data Privacy Consulting, Data Protection Services, Information Security Consulting, Cyber Security Consulting, Network Security Audit, Security Awareness Training.
Contact us right away.
Email (Prefer using email to contact us):
SalesExecutive@ITSec.vip