A security researcher has discovered a vulnerability in Tesla’s NFC (Near-Field Communication) Key Card access that allows someone to add their own Key Card without you or the vehicle knowing that they did.
Last year we reported on an undocumented change to the way Key Card access worked, whereby you no longer needed to place the Key Card on the center console to shift the vehicle into gear and drive away.
The only catch was that you had to shift into gear within a set time frame, which Tesla put at just over two minutes.
According to Martin Herfurt, a security researcher in Austria, the time limit not only allowed you to start the car, but also allowed new keys to be added with no authentication required and no indication to the driver that anything had happened.
Herfurt developed a proof of concept to demonstrate the vulnerability. All a thief would need to do is be within range of the car and, after it is unlocked, begin exchanging messages between his app and the car that would automatically add his own Key Card to the list of authorized Key Cards. The thief could then use that Key Card to gain access to the vehicle and potentially steal it.
There is a consumer version of Teslakee, which Herfurt says helps protect you against relay attacks like this. In an interview with Ars Technica, Herfurt says he has been able to demonstrate the vulnerability on a Model 3 and Model Y. He has not tested it on the latest Model S and Model X, but expects similar results.
One way to reduce the risk is to enable PIN to Drive. While this won’t prevent someone from unlocking your car, they won’t be able to drive away.
You can watch a demonstration of the vulnerability below.