When Keys Go Digital Cyber Attacks Can Follow

By Justin Montalbano

Hotwiring a car is so twentieth century. Like many other nefarious activities, stealing cars has gone digital. Recent research done by the NCC group shared how Tesla Model 3 and Model Y vehicles may be susceptible to cyber attacks.

Like most exploits that are released, the goal of the researcher is to simply get the company to fix the issue while also bringing awareness to the industry of the threats and weaknesses exposed by modern technology, in this case automobiles. However, Tesla has already responded to NCC’s work by saying “that relay attacks are a known limitation of the passive entry system.” Now although this may seem like Tesla is neglecting to fix this vulnerability, this is a wider issue amongst many vehicles that have passive entry systems, relay attacks. 

When we look into this specific exploit, the attacker would need to be in proximity of the victim to successfully unlock and steal the vehicle. Then they would essentially do a classic relay attack over Bluetooth Low Energy (LE) with low enough latency to not violate encrypted sessions. There is definitely an associated risk with such an exploit, but that risk is rather low as the attack requires proximity to the victim’s phone and/or key fob.

If you have a vehicle that leverages Bluetooth for its key fob, one simple way to limit your exposure to this attack, would be to disable your Bluetooth on your phone until you’re in proximity of your vehicle and need to unlock it. But doing so would bring a level of inconvenience, but as we all know in security, convenience can be the root of insecurity. 

Looking at past vulnerabilities on passive key entry and key fob systems has consistently shown this weakness which has impacted the automotive industry for years. Most notably is the “roll-jam” attack from 2015 by Samy Kamkar which specifically attacked the rolling code “security” within automotive key fobs. As cars become more connected with our mobile devices, the cloud, and each other; these types of vulnerabilities will become more commonplace.

Are you experiencing a
Security Incident?

We are here to help 24/7. In addition to providing immediate assistance, Digital Silence offers a suite of remediation services designed to help organizations get back to business.