In a video shared with WIRED, researchers at the Beijing-based automotive cybersecurity firm GoGoByte demonstrated that they could carry out a relay attack against the latest Tesla Model 3 despite its upgrade to an ultra-wideband keyless entry system, instantly unlocking it with less than a hundred dollars worth of radio equipment. Since the Tesla 3’s keyless entry system also controls the car’s immobilizer feature designed to prevent its theft, that means a radio hacker could start the car and drive it away in seconds—unless the driver has enabled Tesla’s optional, off-by-default PIN-to-drive feature that requires the owner to enter a four-digit code before starting the car.

    • bstix
      link
      fedilink
      arrow-up
      9
      ·
      7 months ago

      A lot of car thefts are just kids taking them for a thrill ride, trashing and leaving it.

      Nobody wants to steal a tractor, but yet they do get stolen just as often as any other vehicle, because they’re easy to unlock and start.

      The GTA games got that part right.

      • mynachmadarch@kbin.social
        link
        fedilink
        arrow-up
        1
        ·
        7 months ago

        I dunno. Have you seen the resale prices on some of those tractors, even when used? I sure want to steal one and hawk it. (I would never actually, just, I get the temptation)

        • bstix
          link
          fedilink
          arrow-up
          2
          ·
          7 months ago

          Even tractors are tracked by the manufacturer these days.

          The high prices for used tractors are only for the old ones in specific nostalgic colours, like Grey Ferguson. Nobody wants a blue Ferguson?

    • thanks_shakey_snake@lemmy.ca
      link
      fedilink
      arrow-up
      3
      ·
      7 months ago

      Car thieves: “You know, I just don’t feel right supporting a company like Tesla by stealing from people who purchased their products.”

  • InFerNo@lemmy.ml
    link
    fedilink
    arrow-up
    2
    ·
    7 months ago

    Was just pondering over this.

    Would it suffice to implement a handshake between fob and car, but also prevent the handshake from establishing if the car or fob receives its own signal, indicating its signal being replicated? Since it’s a radio signal this would at least make it somewhat harder, but still not impossible, to relay a signal.

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    1
    ·
    7 months ago

    This is the best summary I could come up with:


    For at least a decade, a car theft trick known as a “relay attack” has been the modern equivalent of hot-wiring: a cheap and relatively easy technique to steal hundreds of models of vehicles.

    But when one group of Chinese researchers actually checked whether it’s still possible to perform relay attacks against the latest Tesla and a collection of other cars that support that next-gen radio protocol, they found that they’re as stealable as ever.

    In a video shared with WIRED, researchers at the Beijing-based automotive cybersecurity firm GoGoByte demonstrated that they could carry out a relay attack against the latest Tesla Model 3 despite its upgrade to an ultra-wideband keyless entry system, instantly unlocking it with less than a hundred dollars worth of radio equipment.

    Instead, a hacker’s device near the car has, in fact, relayed the signal from the owner’s real key, which might be dozens or hundreds of feet away.

    Or, as GoGoByte researcher Yuqiao Yang describes, the trick could even be carried out by the person behind you in line at a café where your car is parked outside.

    “That’s how fast it can happen, maybe just a couple seconds.” The attacks have become common enough that some car owners have taken to keeping their keys in Faraday bags that block radio signals—or in the freezer.


    The original article contains 437 words, the summary contains 220 words. Saved 50%. I’m a bot and I’m open source!