Tag Archive for: keyless

Tesla Model 3, Model Y’s keyless entry system can be compromised, shows hacker


A cybersecurity researcher noted that tinkering with Tesla’s keyless entry system relies on Bluetooth Low Energy (BLE) protocol.

By : HT Auto Desk
|
Updated on:
17 May 2022, 07:27 AM

File photo of Tesla Model Y 
File photo of Tesla Model Y 

While Tesla’s keyless entry system may be one of its most convenient features, it also has a loophole. A cybersecurity researcher has demonstrated to Bloomberg how the technology can be compromised, allowing thieves to unlock and drive off with certain models of electric vehicles from Tesla. According to Sultan Qasim Khan, principal security consultant at security firm NCC Group, hackers can redirect communications between a car owner’s mobile phone, or key fob, and the car, especially in case of Tesla Model 3 and Model Y.

Outsiders can fool the keyless entry system into thinking the owner is located physically near the vehicle. Khan, however, clarified that the hack is not specific to Tesla but he demonstrated the hack on one Tesla’s car models. He stated that the result of his tinkering with Tesla’s keyless entry system relies on Bluetooth Low Energy (BLE) protocol.

(Also read | Tesla puts India entry plan on hold after deadlock on EV tariffs: Sources)

However, there is no evidence that thieves have actually used the hack to improperly access Tesla vehicles. The researcher further noted that to fix the issue, the carmaker would need to alter its hardware and change its keyless entry system. The revelation comes after another security researcher, David Colombo, revealed a way of hijacking some functions on Tesla vehicles, such as opening and closing doors and controlling music volume.

During the demonstration to Bloomberg, Khan conducted a so-called relay attack, in which a hacker uses two small hardware devices that forward communications. To unlock the car, he placed one relay device within roughly 15 yards of the Tesla owner’s smartphone or key fob and a second, plugged into his laptop, near to the car.

The technology utilized custom computer code that Khan had designed for Bluetooth development kits, which are sold online for less than $50. The hardware needed, in addition to the custom software, costs roughly $100, and can also be…

Source…

Keyless hack can unlock and start cars — including Teslas


Tesla Inc. customers might love the carmakers’ nifty keyless entry system, but one cybersecurity researcher has demonstrated how the same technology could allow thieves to drive off with certain models of electric vehicles.

A hack effective on the Tesla Model 3 and Y cars would allow a thief to unlock a vehicle, start it and speed away, according to Sultan Qasim Khan, principal security consultant at the Manchester, UK-based security firm NCC Group.

By redirecting communications between a car owner’s mobile phone, or key fob, and the car, outsiders can fool the entry system into thinking the owner is located physically near the vehicle.

The hack, Khan said, isn’t specific to Tesla, though he demonstrated the technique to Bloomberg News on one of its car models. Rather, it’s the result of his tinkering with Tesla’s keyless entry system, which relies on what’s known as a Bluetooth Low Energy (BLE) protocol.

There’s no evidence that thieves have used the hack to improperly access Tesla vehicles. The carmaker didn’t respond to a request for comment. NCC provided details of its findings to its clients in a note on Sunday, an official there said.

Khan said he had disclosed the potential for attack to Tesla and that company officials didn’t deem the issue a significant risk. To fix it, the carmaker would need to alter its hardware and change its keyless entry system, Khan said.

The revelation comes after another security researcher, David Colombo, revealed a way of hijacking some functions on Tesla vehicles, such as opening and closing doors and controlling music volume.

BLE protocol was designed to conveniently link devices together over the internet, though it’s also emerged as a method that hackers exploit to unlock smart technologies, including house locks, cars, phones and laptops, Khan said. NCC Group said it was able to conduct the attack on several other carmakers and technology companies’ devices.

Kwikset Corp. Kevo smart locks that use keyless systems with iPhone or Android phones are impacted by the same issue, Khan said. Kwikset said that customers who use an iPhone to access the lock can switch on two-factor authentication in the lock app.

A…

Source…

Keyless Rides New Partnerships to Another $3 Million in Seed Funding


The biometric authentication startup Keyless has brought in another $3 million in seed funding. The latest round was led by the Italian venture capital firm P101 SGR, with additional support from Primomiglio SGR, Inventures, and Gumi Crypto Capital. 

Keyless Rides New Partnerships to Another $3 Million in Seed Funding

The latest influx of cash brings Keyless’ total amount of seed funding to $9.2 million. According to Keyless, the new funds were secured based on the strength of a trio of new partnerships with Microsoft Azure AD B2C, OneLogin, and Auth0, all three of which are major identity and access management providers.

The $3 million reflects investor confidence in those new partnerships. Keyless noted that while companies like OneLogin and Auth0 provide other organizations with solutions that make it easier to manage employee and customer identities, they do not always develop their own biometric authentication software, and need to form alliances with companies that do. Keyless happens to be one such provider, which is why the company believes that the new partnerships will help Keyless make connections with a larger number of end users.

“Traditional multi-factor authentication can be cumbersome, expensive, and susceptible to new attack avenues,” said Keyless CEO Andrea Carmignani. “By partnering with IAM providers, we can serve the market’s need with innovative authentication solutions that are not only intuitive for users, but offer stronger protection against emerging mobile security and privacy threats.”

“Keyless offers a sophisticated solution that helps authentication and identity management providers put the user and their privacy first,” added P1010 SGR Partner Giuseppe Donvito. “Embracing biometric technology that utilises a distributed cloud network not only helps eliminate fraud, phishing and account takeover threats, it also ensures that sensitive biometric information is never at risk of being lost, stolen or mishandled.”

Keyless previously brought in $2.2 million in seed funding in a round that closed in 2019. The company is hoping to capture a portion of a biometric systems market that is expected to be worth $68.6 billion by 2025.

April 16, 2021 – by Eric Weiss

Source…

High tech car theft: 3 minutes to steal keyless BMWs

BMW is just one example of cars that utilize a wireless key fob to unlock the doors and start the engine instead of using a physical key. BMWs are highly coveted vehicles, so if you desired you might be able to fool people into thinking you have one by carrying a USB that looks like a BMW key. Read more

Ms. Smith’s blog