Tesla owners should enable PIN-to-drive protection to thwart relay attacks.
In a video shared with WIRED, researchers at the Beijing-based automotive cybersecurity firm GoGoByte demonstrated that they could carry out a relay attack against the latest Tesla Model 3 despite its upgrade to an ultra-wideband keyless entry system, instantly unlocking it with less than a hundred dollars worth of radio equipment. Since the Tesla 3's keyless entry system also controls the car's immobilizer feature designed to prevent its theft, that means a radio hacker could start the car and drive it away in seconds—unless the driver has enabled Tesla's optional, off-by-default PIN-to-drive feature that requires the owner to enter a four-digit code before starting the car.
I dunno. Have you seen the resale prices on some of those tractors, even when used? I sure want to steal one and hawk it. (I would never actually, just, I get the temptation)
For at least a decade, a car theft trick known as a “relay attack” has been the modern equivalent of hot-wiring: a cheap and relatively easy technique to steal hundreds of models of vehicles.
But when one group of Chinese researchers actually checked whether it's still possible to perform relay attacks against the latest Tesla and a collection of other cars that support that next-gen radio protocol, they found that they're as stealable as ever.
In a video shared with WIRED, researchers at the Beijing-based automotive cybersecurity firm GoGoByte demonstrated that they could carry out a relay attack against the latest Tesla Model 3 despite its upgrade to an ultra-wideband keyless entry system, instantly unlocking it with less than a hundred dollars worth of radio equipment.
Instead, a hacker's device near the car has, in fact, relayed the signal from the owner's real key, which might be dozens or hundreds of feet away.
Or, as GoGoByte researcher Yuqiao Yang describes, the trick could even be carried out by the person behind you in line at a café where your car is parked outside.
“That's how fast it can happen, maybe just a couple seconds.” The attacks have become common enough that some car owners have taken to keeping their keys in Faraday bags that block radio signals—or in the freezer.
The original article contains 437 words, the summary contains 220 words. Saved 50%. I'm a bot and I'm open source!
Would it suffice to implement a handshake between fob and car, but also prevent the handshake from establishing if the car or fob receives its own signal, indicating its signal being replicated? Since it's a radio signal this would at least make it somewhat harder, but still not impossible, to relay a signal.
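The handshake question in the comment above, modelled as an added example (not code from the article, the researchers or anyone in this thread): a constructed simulation showing which frames an "own signal" check at the car can actually see, compared with a round-trip-time bound, which is a different technique (distance bounding) swapped in for comparison. The function names, path lengths, relay latency and the 3 m threshold are all assumptions.

```python
import hashlib
import hmac
import os

C = 299_792_458.0  # speed of light in m/s

def fob_response(key: bytes, challenge: bytes) -> bytes:
    """Fob side of the handshake: HMAC over the car's fresh challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

def car_handshake(key, path_m, relay_delay_s=0.0, echo_at_car=False,
                  reject_echo=False, max_rtt_s=None):
    """Return (unlocked, reason) for one constructed handshake.

    path_m        -- one-way radio path length between car and fob, in metres
    relay_delay_s -- extra one-way latency added by relay hardware, if any
    echo_at_car   -- True if a repeater rebroadcasts the challenge within
                     earshot of the car
    """
    challenge = os.urandom(16)
    heard = [fob_response(key, challenge)]   # frames arriving at the car
    if echo_at_car:
        heard.insert(0, challenge)
    rtt = 2 * (path_m / C + relay_delay_s)

    if reject_echo and challenge in heard:
        return False, "own challenge heard"
    if max_rtt_s is not None and rtt > max_rtt_s:
        return False, "round trip too slow"
    expected = fob_response(key, challenge)
    if not any(hmac.compare_digest(expected, f) for f in heard):
        return False, "bad response"
    return True, "ok"

KEY = os.urandom(32)      # constructed shared secret
MAX_RTT = 2 * 3.0 / C     # assumed bound: fob within 3 m, zero fob turnaround

def scenarios():
    return {
        "owner_at_door": car_handshake(KEY, 1.0, reject_echo=True, max_rtt_s=MAX_RTT),
        "repeater_echoes": car_handshake(KEY, 30.0, 1e-6, echo_at_car=True, reject_echo=True),
        "one_way_relay_echo_check": car_handshake(KEY, 30.0, 1e-6, reject_echo=True),
        "one_way_relay_rtt_bound": car_handshake(KEY, 30.0, 1e-6, reject_echo=True, max_rtt_s=MAX_RTT),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:26} {result}")
```

In this model the echo check only fires when the car's own challenge is rebroadcast within its earshot, while the timing bound rejects any path longer than the assumed 3 m regardless of what the car hears.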