Upstream’s 1000th Automotive Cybersecurity Incident: Use NFC Card to Gain Control in 130 Seconds

ELAD ROBB

Director of Cyber Threat Intelligence

June 22, 2022

As a part of Upstream’s ongoing effort to monitor, analyze the cyber threat landscape and assess the impact of automotive-related cybersecurity incidents and vulnerabilities, we recently marked an important milestone with the 1000th incident tracked by Upstream’s cyber threat intelligence team on the AutoThreat® platform.


On June 8, 2022, Martin Herfurt, a security researcher in Austria, demonstrated how he could manipulate a Tesla NFC card to unlock vehicles and potentially steal the vehicle.

This feature update was introduced by Tesla in August, making it easier to start vehicles after being unlocked with their NFC key cards. The intention behind this update was simple: enable a smooth experience for drivers using NFC cards to unlock and start their vehicles, within a timeframe of 130 seconds, without the need to use the NFC card twice.

But the researcher noticed that within the 130-second timeframe, it was also possible to accept entirely new keys with no additional authentication and zero indication by the in-car display.

“The authorization given in the 130-second interval is too general… it’s not only for drive,” Herfurt said in an online interview. “This timer has been introduced by Tesla… in order to make the use of the NFC card as a primary means of using the car more convenient. What should happen is that the car can be started and driven without the user having to use the key card a second time. The problem: within the 130-second period, not only the driving of the car is authorized, but also the [enrolling] of a new key.”

The vulnerability lies in Tesla’s keyfob technology, which relies on Bluetooth Low Energy (BLE). Most devices and vehicles that rely on this kind of proximity-based authentication are designed to protect against a range of relay attacks. Yet, researchers at U.K.-based NCC Group say they have developed a tool for conducting a new type of BLE link-layer relay attack that bypasses existing mitigations, theoretically enabling attackers to remotely unlock and operate vehicles.


Upstream offers the first and only threat intelligence offering purpose-built for the automotive ecosystem, providing dedicated automotive-specific intelligence, incident tracking, vehicle-relevant vulnerability detection, threat impact analysis, mitigation suggestions, support in prioritization, exposure analysis and threat propagation.

AutoThreat® PRO was created to empower automotive stakeholders to identify vulnerabilities and manage risks to their assets via threat intelligence data and insights. Upstream’s AutoThreat® PRO offers a purpose-built service with dedicated CTI analysts that includes ongoing threat reports, customized queries, deep and dark web investigations, and tailor-made threat models based on customer-specific assets, needs, and business models.

Newsletter Icon

H1'2024 Report: Redefining Automotive & Smart Mobility IoT Cyber Risks

Newsletter Icon

Subscribe
to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

The 2024 Paris Olympics: Navigating the Escalated Cyber Threat Landscape

As the Paris Olympic Games approach, ensuring the safety and success of the event is paramount. Transportation systems and fleets are critical components in this…

Read more

European Legislators are Charging Ahead on IoT Cybersecurity Regulations

IoT devices have become deeply embedded in the automotive and smart mobility ecosystem, dramatically transforming industries with increased efficiencies and innovation. However, this rapid technological…

Read more

The US Federal Government Zooms in on IoT Cybersecurity

As IoT device usage continues to expand across various sectors in the US, government efforts to ensure that these devices are not only effective but…

Read more

The State of Automotive Cybersecurity: Key Insights from Auto-ISAC European Summit

We recently took part in the Auto-ISAC European Summit at the iconic BMW-Welt in Munich, gaining valuable insights into the evolving automotive cybersecurity landscape. As…

Read more