Hacking is not a problem. Why is old hacking technology still relevant for Tesla?

Relay Attack is a long-known method of hacking cars, and a very effective one at that. It is used for cars with a smart key. During testing out of 237 different vehicles, only three car models were able to withstand this type of attack.

Tesla Company, How representatives say, updated the keyless entry system and announced the elimination of the threat of a relay attack. But a few days ago, Chinese researchers demonstratedthat Tesla cars are still vulnerable.

What is a relay attack?

We are talking about bypassing the security of modern vehicles with smart key technology. The smart key exchanges cryptographically secure messages with the vehicle, which allows the security system to verify its authenticity. It is extremely difficult to hack all this “head-on”, but you can always go around it.

This is what the attackers do. They use specialized radio devices to intercept the key validation message. Then they return it to the car and it unlocks. There is another way, which uses a CAN injection system. This is a much more complex technology, it works well described here.

The simplest protection against interception is storing keys in a metal box or case that blocks signal transmission. This, by the way, is the method officially recommended by Ford.

Old technology still works

How found out in China, the relay attack still works: representatives of the GoGoByte security agency showed that an attacker can still open a car in a matter of seconds and drive away in it. But there is one caveat: this will only work if the owner has not activated additional protection, a PIN code. By default, additional protection is disabled, so few drivers use it.

Unfortunately, the Chinese have not disclosed the set of equipment they use for hacking. But they said that its total cost does not exceed $100 – for an advanced radio hacker this is pennies, because stolen cars cost much more. It is only known that they use two special devices. One is placed close to the smart key, the second is located next to the vehicle being hacked. A radio channel is created through which the smart key is validated. The car opens, and then it’s a matter of technology. By the way, the Chinese confirm that storing the key in a metal box is excellent protection against relay attacks. But, of course, not all motorists with “smart” cars do this.

The possibility of using relay hacking surprised experts, since Tesla applied to the US Federal Communications Commission back in 2020. For what? To announce the start of introducing so-called ultra-wideband (UWB) into its keyless entry systems.

UWB (Ultra-Wide Band, UWB) is a wireless technology for transmitting information using pulsed signals emitted by the antennas of short-range transceiver devices in a frequency band of at least 500 MHz (or 20% of the central operating frequency). This involves transmitting a series of very short pulses, each lasting about one nanosecond.

This update allows the car to estimate the exact distance to the owner’s key or smartphone and prevent receiving a validation message sent by third-party equipment. As it turns out, Tesla's announcement is a mere formality. There was no update to the communication protocol that eliminated the relational attack.

Not only Tesla

Cars from other manufacturers are also still vulnerable. New UWB-based security features have been slow to be adopted. According to the same Chinese researchers, one of the companies that announced such implementation does not even have software to implement the new technology. This is despite the fact that the automaker's hardware supports the new features. Company name for now not reportedas engineers work to fix the vulnerability.

“As far as I understand, it may take time for teams to find a middle ground. Where, on the one hand, relay attacks can be prevented. On the other hand, it should not have a negative impact on the user experience.”, said Jose Rodriguez, a representative of the information security company IOActive. Previously, he and his team also demonstrated relay attacks on Tesla cars.

According to GoGoByte, Tesla can quickly implement support for the new security protocol. Until then, owners of electric vehicles from Elon Musk's company are not insured against theft. To increase the level of security, it is recommended to place the key in a metal box and set a PIN code, as mentioned above.