Researchers demonstrate a Bluetooth relay attack on Tesla cars. The Bluetooth LE Proximity Authentication design allows a trusted device to unlock another nearby device, such as a Tesla that can use a smartphone as a key to unlock a car. The so-called relay attack is a malicious device relaying the authentication signal of a legitimate device. This is a known issue, and the usual defense is to encrypt the request sent by the link layer or limit the response time. Security researchers demonstrated a relay attack on a 2020 Tesla Model 3 car. The attack tool runs on an iPhone 13 mini mobile phone, the iPhone is 25 meters away from the car, which is outside the Bluetooth communication range, and two relay devices are deployed between the iPhone and the car. Researchers used tools to remotely unlock Tesla cars. This study shows that neither link-layer encryption nor limiting response time can prevent relay attacks.
This article is reprinted from: https://www.solidot.org/story?sid=71543
This site is for inclusion only, and the copyright belongs to the original author.