Hackers Can Steal Your Tesla by Creating Their Own Personal Keys


Last year, Tesla issued an update that made its vehicles easier to start after being unlocked with their NFC key cards. Now, a researcher has shown how the feature can be exploited to steal cars.

For years, drivers who used their Tesla NFC key card to unlock their cars had to place the card on the center console to begin driving. Following the update, which was reported here last August, drivers could operate their cars immediately after unlocking them with the card. The NFC card is one of three means for unlocking a Tesla; a key fob and a phone app are the other two.

Enrolling Your Own Key

Martin Herfurt, a security researcher in Austria, quickly noticed something odd about the new feature: Not only did it allow the car to automatically start within 130 seconds of being unlocked with the NFC card, but it also put the car in a state to accept entirely new keys—with no authentication required and zero indication given by the in-car display.

“The authorization given in the 130-second interval is too general … it’s not only for drive,” Herfurt said in an online interview. “This timer has been introduced by Tesla … in order to make the use of the NFC card as a primary means of using the car more convenient. What should happen is that the car can be started and driven without the user having to use the key card a second time. The problem: Within the 130-second period, not only the driving of the car is authorized, but also the enrolling of a new key.”

The official Tesla phone app doesn’t permit keys to be enrolled unless it’s connected to the owner’s account, but despite this, Herfurt found that the vehicle gladly exchanges messages with any Bluetooth Low Energy, or BLE, device that’s nearby. So the researcher built his own app, named Teslakee, that speaks VCSec, the same language that the official Tesla app uses to communicate with Tesla cars.

A malicious version of Teslakee that Herfurt designed for proof-of-concept purposes shows how easy it is for thieves to surreptitiously enroll their own key during the 130-second interval. (The researcher plans to release a benign version of Teslakee eventually that will make such attacks harder to carry out.) The attacker then uses the Teslakee app to exchange VCSec messages that enroll the new key.

All that’s required is to be within range of the car during the crucial 130-second window of it being unlocked with an NFC card. If a vehicle owner normally uses the phone app to unlock the car—by far the most common unlocking method for Teslas—the attacker can force the use of the NFC card by using a signal jammer to block the BLE frequency used by Tesla’s phone-as-a-key app.
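The flaw described above is a time-boxed grant whose scope is too broad. The following added example, which is not code from Tesla, Teslakee, or the researcher, models that grant beside one possible hardening. The class, method names, key labels, and the hardened design (drive-only grant, a fresh card tap per enrollment, an on-screen notice) are assumptions for illustration; only the 130-second figure comes from the article.

```python
from dataclasses import dataclass, field

WINDOW_SECONDS = 130  # interval reported in the article


@dataclass
class Vehicle:
    """Simplified authorization model; not Tesla's implementation or VCSec."""
    scoped: bool  # False = behaviour described in the article, True = hardened
    keys: set = field(default_factory=lambda: {"owner-card"})
    display: list = field(default_factory=list)
    grant_expiry: float = 0.0
    grant_scope: frozenset = frozenset()

    def nfc_unlock(self, key_id, now):
        """Unlock with an enrolled card and open the convenience window."""
        if key_id not in self.keys:
            return False
        self.grant_expiry = now + WINDOW_SECONDS
        # Flawed: the grant covers every action. Hardened: driving only.
        self.grant_scope = (frozenset({"drive"}) if self.scoped
                            else frozenset({"drive", "enroll"}))
        return True

    def _granted(self, action, now):
        return now < self.grant_expiry and action in self.grant_scope

    def start_drive(self, now):
        return self._granted("drive", now)

    def enroll_key(self, new_key, now, card_present=None):
        """card_present: id of a card tapped for this specific request."""
        if self.scoped:
            # Hypothetical fix: fresh proof of possession for each enrollment.
            ok = card_present in self.keys
        else:
            ok = self._granted("enroll", now)  # rides on the unlock grant
        if ok:
            self.keys.add(new_key)
            if self.scoped:
                self.display.append(f"New key enrolled: {new_key}")
        return ok


def enrolled_silently(vehicle, new_key):
    """True when a key is on the whitelist but the display never announced it."""
    return new_key in vehicle.keys and not any(new_key in m for m in vehicle.display)
```

`enrolled_silently` captures the second half of the finding: in the flawed model the key list changes with nothing shown to the driver, so the display log is where a reviewer would look for the missing audit event.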

This video demonstrates the attack in action:



via Wired Top Stories https://ift.tt/qu5kDrG

June 9, 2022 at 03:24PM

Hypersonic Plane From Venus Aerospace Will Travel to the Edge of Space


Stargazer will travel Mach 9 and reach an altitude of over 32 miles (51 kilometers)
Gif: Venus Aerospace

Earlier this week, Venus Aerospace, a Houston-based aeronautics startup, released renderings for Stargazer—an incredibly fast high-altitude vehicle it’s hoping to develop.

Venus Aerospace has been working on the hypersonic aircraft since 2020, according to a company press release, and it has raised $33 million to build the plane, of which $1 million came from government funding. Hypersonic refers to vehicles or missiles capable of traveling Mach 5 or faster, and Stargazer has the potential to reach Mach 9, or nine times the speed of sound. The vehicle is being designed to hold 12 passengers while it travels at an altitude of 170,000 feet (51.8 kilometers), the company said in an email.

Even though Venus Aerospace calls Stargazer a “spaceplane,” the vehicle won’t actually venture to space. The technical boundary of space is still about 30 miles (50 kilometers) higher than Stargazer’s maximum altitude, so the plane won’t travel beyond the Kármán line—sort of like how space balloons don’t really enter space either. That said, passengers will still have quite the view, with the curvature of Earth being clearly visible.

The Stargazer is expected to get passengers from Tokyo to Los Angeles in an hour. Imagine that—you’d be able to gallivant around Shibuya Crossing and climb the Skytree for a few hours, only to be back home on the west coast before dinnertime. That’s definitely an improvement over the 11-hour flight on a commercial aircraft.

Stargazer would take off using engines just like a conventional airplane, but then “transition to rockets once at altitude and away from [the] city,” Venus Aerospace CTO Andrew Duggleby said to me in an email. Stargazer’s first ground test isn’t expected to happen until 2025 at the earliest, and there would be “no less than five years of flight testing to ensure safety, reliability, and performance,” he added.

Ideally, tickets for Stargazer would be roughly the same price as a first-class ticket on a commercial aircraft, but Duggleby said a number of variables still need to be worked out to pin down that price.

If and when Stargazer does get off the ground, the promise of jet-setting across the globe at ludicrous speeds will be incredibly alluring for a certain group who can afford it, even if it isn’t crossing the threshold into the inky black void. That said, ever since the crash of a Concorde plane in July 2000, the public has been understandably jittery about supersonic vehicles. So in addition to engineering challenges, Venus Aerospace will likely have to overcome some psychological barriers as well.


via Gizmodo https://gizmodo.com

June 9, 2022 at 06:36PM