Tesla is the most popular electric car brand in the world today. A reputation that makes it a target of choice.
Since their arrival on the French market, Teslas have been selling like hot cakes. Last September, the Model 3 even became the best-selling car of the month in Europe. A real record for the brand created by Elon Musk, which thus becomes the first electric car manufacturer to occupy this very first position.
But while Teslas are many people’s dream car, they’re not perfect. Indeed, computer security researchers regularly question the operation of these cars, and a more specific part: the security of the locking of the latter.
The card authentication problem is well known at Tesla
Because unlike the cars we come across every day in the street, there is no key to open a Tesla. If the application is the solution acclaimed by the brand, there is also the alternative of the NFC card. The latter has the advantage of being unique to each car, which is a guarantee of safety depending on the brand.
An opinion that does not share at all Martin Herfut, an Austrian computer science researcher. The latter has also made an impressive demonstration. He manages to open and take control of a Tesla in just 130 seconds. As he explains in the paper accompanying his discovery, Herfut believes that this flaw was created by Tesla herself.
Last year the American brand released an update that was supposed to make life easier for users by making it easier to unlock the car with a key. The movement was more natural, it was not necessary to put the tail card in the right place. A trivial feature at first glance, but which turned out to be a real major security flaw.
130 seconds when the car is in free access
To fully understand the computer flaw discovered by Herfut, one must understand how a Tesla opens. Once you have placed the card on the reader, located on the door, you have 2 minutes to identify yourself, otherwise the car will not start. But according to Herfut this period of time would be more than enough to create new maps and thus be able to use this bias in Tesla’s system.
Because during the 130 seconds between the first authentication and the new locking of the car, the latter accepts all new Tesla cards and recognizes them as authentic when they are not at all.
Even more dangerous for Tesla users, the mobile application which is attached to the car does not detect anything abnormal during this maneuver. It is therefore impossible to realize that we are having our Tesla stolen. Note, however, that Herfut assured that this system had little chance of being deployed on a large scale.
The latter still requires great computer knowledge, and not everyone can steal a Tesla in this way. In any case, this is not the first time that the brand of Elon Musk has been pinched for its imperfect cybersecurity.