This exploit can be executed while the attacker is within Bluetooth range of the vehicle, and does not need physical access to the car. However, this NFC activation doubles as a signature to approve the malicious permission request, without the user’s awareness. While this request is pending, if the interior or exterior NFC Reader is activated for any standard car action (Lock/Unlock/Drive), the car executes the action normally. VULNERABILITYĪ vulnerability exists in the Tesla VCSEC system where an attacker can connect to a Tesla Model S/3/X/Y via Bluetooth Low Energy, send a malicious packet and request whitelist permissions to gain access to the vehicle. The purpose of releasing this is to put additional pressure on Tesla to implement one of our proposed fixes. No teslas have been reported stolen due to this exploit. None of this information is released with intent to harm nor promote malicious use. The code to execute this exploit has been left closed source for general security. Initial Tesla Contact Email - May 17th, 2022 However, they did not publish all the details outlined in this document. Another research team has independently published the basic concept of the attack at a recent security conference. Attempt to Contact Tesla & Reason For PublicationĪll good faith efforts have been made to contact Tesla's Security Vulnerability team, however we have been met with no response. Edit: Tesla is aware of the vulnerability. This video/article may not be used in any publications without explicit permission from the author(s). RKiE - Remote Key injection Exploit Authors: Jeff ( /u/jeffrah) & Samed ( /u/xsorifc28)
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |