Relay attack can unlock & start Tesla Model Y in a jiffy, finds researcher


San Francisco, Sep 13 (IANS): A cyber security researcher has discovered a sophisticated relay attack that can allow someone with physical access to a Tesla Model Y to unlock and steal it in a jiffy.

Tesla claims that this security issue is mitigated with the "PIN to Drive" feature, which would still allow attackers to open and access the car, but would not allow them to drive it.

Josep Pi Rodriguez, principal security consultant for independent computer security services firm IOActive, said that this feature is optional, and Tesla owners who are not aware of these issues may not be using it.

IOActive contacted Tesla about this issue in the Model Y and believes that Tesla is well aware of this issue in other models.

"However, we have made several attempts to contact them and let them know that the same issue exists in the Model Y, with no response," said Rodriguez in a paper.

According to the researcher, attackers can steal a Tesla Model Y as long as they can position themselves within about two inches of the owner's NFC card or mobile phone with a Tesla virtual key on it, reports The Verge.

"There are several ways Tesla could fix or mitigate this issue, although they may require hardware changes," Rodriguez added.

Earlier this year, another researcher found a way to start a Tesla car with an unauthorised virtual key.

In 2020, a group of Belgian cyber security researchers discovered major security flaws in the keyless entry system of the Tesla Model X, demonstrating how the battery-powered Tesla Model X priced at over $100,000 can be stolen in a few minutes.

 

  

Top Stories


Leave a Comment

Title: Relay attack can unlock & start Tesla Model Y in a jiffy, finds researcher



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.