Unauthorized Access Vulnerability on Teslas | How Could This Be Prevented in the Future?

A relay attack is a form of hacking technique related to replay attacks and man-in-the-middle attacks. A relay attack involves the interception of information with fraudulent intent, tricking the receiver into thinking the transmitted data is legitimate.  

What Happened? 

According to a recent Jalopnik article, Teslas hackers have found another unauthorized access vulnerability, borrowing tricks from typical radio-frequency replay attacks, but the implementation is exclusive to the most modern cars.  

The use of relay attacks has typically been used to fake key fobs in order to gain access to keyless entry and start system cars. While many different models are vulnerable to these types of attacks, Telsa’s credit card keys have been able to remain relatively secure against these types of attacks until this point.  

In a classic relay attack, access is gained by intercepting and replicating a key fob’s communication with the car. This is accomplished by having one hacker stand close to the key fob and transmit the signal coming from it over a radio to a hacker attempting to gain access to the car. This method is unsuccessful against Tesla models because they utilize Near Field Communication (NFC) which renders radios useless and has a much more limited range of communication. However, hackers have discovered a way to replicate the complicated communication that occurs between the Tesla Model Y and its credit card key. This allows the hacker to execute a “range-extending relay attack” and gain access to the car, successfully reverse-engineering the NFC handshake.

How could Eclypses MTE Technology solve this problem? 

Eclypses MTE technology would secure these commands with instantly obsolete random replacement values that are unrelated to the data thwarting man-in-the-middle attacks that make this vulnerability possible.  

With Eclypses MTE technology, cybercriminals would not be able to manipulate or replay the packets that would perform these actions. MTE packets expire if they don’t arrive in time, thwarting the signal extension attack. Lost packets are handled with a sequencing verifier instead of leaving codes valid.  

“This continues to be a huge problem for the automotive industry. Instead of putting a band-aid on this problem and limping along to the next attack, the manufacturers need to solve the problem differently. MTE works great in resourceconstrained environments such as a key fob, eliminating the possibility of attacks like this and protecting against attacks of the future, comments Aron Seader, Eclypses Senior Director of Core Engineering. 

Interested in learning more or looking at our test environment to demonstrate this? Reach out to our team today or watch this explainer video to learn more about how MTE technology protects key fobs.