The failure of Tesla’s key system facilitates car theft in just 2 minutes

One is known a major flaw in Tesla’s electric vehicle verification system. It is possible to steal eo ho eo two minutes passing car a broken found in that way the car deal with LAKILEN’ILAY based on NFC technology (Near Communication Field). By using a specific method, one can open the door the car, the engine starts SY register a new key name without an official application – or the authorization that is generally required.

Watch the hosted video YOUTUBEshows the situation explained:

ny proof of concept presented by Martin Herfurt. The vulnerability was discovered after an official software change was implemented in August, when the Tesla released an update that changed the way the key is managed NFC. Previously, they had to leave the car on the dashboard all day; however, with the change the door was allowed to open and leave with the same methodology the verification card.

The flaws have already been identified within the first 130 seconds the method. As explained by Herfurt, as published on this site:

“Not only is the general permit to work in this interval granted, but the work done is not revoked after the deadline; the car does not stop, if it finds that the key is missing, for example. In addition, over time, the system is exchanging information with low-power Bluetooth devices, which have allowed experts to create applications that allow registration with new NFC keys such as an of the car owner.

The expert also showed how to block other ways to access the car, such as mobile apps and physical keys, to force the use of NFC, allowing attackers to type in a key within two minutes. to steal the car later.

The method is applied without warning from an official app – or even from a car. The process of registering an anonymous key is done anonymously. Taken advantage of in Tesla Modely Y SY Model 3. However, Herfurt hoy i all cars with the system car in NFC is fragile the attack.

Continued after the ad

For security reasons, details needed for a full review of the attack will not be released, but officials have confirmed that they will release a limited version of the Teslakee, the application of research – it will not be fulfilled criminals to take advantage of software to steal cars with these mentioned features.

On social media, some users say they have recently informed the manufacturer of other similar issues. Until the time comesa Tesla has not officially commented.


Are you thinking of buying products online? See the Save the Connected World extension for Google Chrome. It’s free and offers price comparisons at major stores and tickets so you can buy at the best price. Download now.



Leave a Comment

Your email address will not be published.