Tesla PIN to Drive Will Protect You from This NFC Key Card Flaw [VIDEO]
After Tesla updated its vehicles to become easier to start when unlocking them with key cards, one person discovered a loophole through which thieves could
A researcher has figured out how to hack and create a new Tesla NFC key card without requiring new authentication, according to a report from Ars Technica.
Austrian Security Researcher Martin Herfurt spotted the issue, noticing that the car would automatically start within 130 seconds of unlocking, before entering a state in which new key cards could be accepted.
In an interview, Herfurt said, “The authorization given in the 130-second interval is too general… [it’s] not only for drive.”
Herfurt continued, “This timer has been introduced by Tesla… in order to make the use of the NFC card as a primary means of using the car more convenient. What should happen is that the car can be started and driven without the user having to use the key card a second time. The problem: within the 130-second period, not only the driving of the car is authorized, but also the [enrolling] of a new key.”
He also added the exploit targets the unlocking process with the NFC card.
“This works because Tesla’s authorization method is broken. There is no connection between the online account world and the offline BLE world. Any attacker who can see the Bluetooth LE advertisements of a vehicle may send VCSEC messages to it. This would not work with the official app, [but] an app that is also able to speak the Tesla-specific BLE protocol… allows attackers to enroll keys for arbitrary vehicles. Teslakee will communicate with any vehicle if it is told to,” said Herfurt.
If someone steals your Tesla, you’ll be able to track it down through the company’s mobile app which shares your vehicle location. Law enforcement can follow along in real-time. If you’re paranoid about this exploit, setting PIN to drive will add another layer of protection.
To do this, in your Tesla, head over to: ‘Controls’ > ‘Safety & Security’ > ‘PIN to Drive’, then set up your 4-digit code. It’s handy to have especially if you have kids or young adults in your front seat playing games as some extra precaution for safety.
Last summer, one hacker also discovered how to make their own Tesla key fob, to avoid needing to carry a key card around.