Tesla cellular App creates a "man in the middle" security flaw.

Discussion in 'Prius, Hybrid, EV and Alt-Fuel News' started by dbstoo, Mar 15, 2023.

  1. dbstoo

    dbstoo Senior Member

    Joined:
    Oct 7, 2012
    Location:
    Near Silicon Valley
    Vehicle:
    2017 Prius Prime
    Model:
    Prime Advanced
    There's been almost no news coverage of a major security flaw discovered last week, approximately 6 days ago. Anyone with a Tesla can use their cell phone to unlock and then drive your car.

    The flaw was introduced when Tesla updated their cell phone app and the car firmware to allow the car to treat the cell phone like a real key. In effect, it gives an authenticated cell phone the same privileges as a physical key in their wireless smart keyless entry system. That sounds cool, and it is if it's done correctly.

    The problem appears to be that the Tesla programmers made a classic rookie mistake when coding the authentication, key exchange and authorization routines. The end result is that when you unlock your own Tesla, any other Tesla within range of the Bluetooth signal will accept your phone as authorized to provide entry. Oh, and it also thinks that your phone is authorized to allow you to start and drive the car.

    In effect, Tesla created a built in "man in the middle" exploit, and then there was virtually nothing mentioned about it for days. It just occurred to me that Twitter could be suppressing any tweet that mentions that flaw. I wonder how we would even know?

    One of the few early reports : https://www.autoblog.com/2023/03/13/tesla-model-3-unlocked-driven-by-wrong-owner

    It was mentioned on Reddit last week that you might want to remove all valuables from your car until an official recall is executed or until you hear from an official Tesla channel that it's been fixed.

    I find it incredible that this made it through the Tesla testing without anyone ever checking to see that it does not have an interaction with the wrong car.

    P.S. Tesla supporters will say that this is no different than the legacy car locks that have as few as 40 unique "jiggler" keys to open the driver's door. That is true, but it's not the same. If you use an "almost right key" to open the door to your Prius you will find that it does not start the car. There is a separate technology that is used inside the car ( the immobilizer ) that must be satisfied that you are authorized to use the car.
     
  2. PriusCamper

    PriusCamper Senior Member

    Joined:
    Mar 3, 2012
    Location:
    Pacific Northwest, USA
    Vehicle:
    2007 Prius
    Model:
    Two
    On the bright side, the least likely person to want to steal a Tesla is someone who already owns a Tesla... Of course, accidentally driving someone else's Tesla away could quickly go from bad to worse. Seems like an easy thing to patch and will be done quickly?
     
  3. dbstoo

    dbstoo Senior Member

    Joined:
    Oct 7, 2012
    Location:
    Near Silicon Valley
    Vehicle:
    2017 Prius Prime
    Model:
    Prime Advanced
    I don't think that there have been any studies that show that Tesla owners are more ethical or scrupulous than the average person.

    There have been reports that crooks have used a certain type of range extender as a "man in the middle" in order to break into or steal cars with poorly implemented wireless security. The range extender enables the crook to trigger the app on the owner's phone to unlock and turn on the car from hundreds of feet away. In essence, they don't need to own a Tesla in order to take yours, and your neighbor's too.

    Will it be easy to patch? I should hope not. Someone in the Dev role blew it when they wrote the code. They also chose the wrong technique to authenticate the car and the mobile app. Someone in the QA role blew it in the design stages. Someone in the QC role blew it in the testing stages. Someone in the marketing role has done a great job of proselytizing the owners so that they come to the company's defense. The faulty work needs to be recreated by fresh engineers who understand why the cars that might have been attacked that way may be compromised. If they don't have a way to test for a rootkit, the common remediation includes wiping the disk(s) and any device that might have a virus on it. That includes firmware. Of course, those machines are typically turned off and isolated until the system is rebuilt from a known good source.

    No, it should not be easy to fix the flaw and not quick to test it either. It should not be easy to push out the fix as an OTA patch. I hope someone in Tesla is taking this seriously.
     
  4. ChapmanF

    ChapmanF Senior Member

    Joined:
    Mar 30, 2008
    Location:
    Indiana, USA
    Vehicle:
    2010 Prius
    Model:
    IV
    Is it reported that the MITM attack allows anything to be rooted, or just to allow the car to be unlocked and driven?
     
  5. dbstoo

    dbstoo Senior Member

    Joined:
    Oct 7, 2012
    Location:
    Near Silicon Valley
    Vehicle:
    2017 Prius Prime
    Model:
    Prime Advanced
    There are surprisingly few reports. Normally you'd see disclaimers from Musk, but not that I've seen so far.

    The following quote from "https://www.thedrive.com/news/tesla-app-unlocks-someone-elses-car-lets-them-drive-away-in-it" speaks to the difficulty in determining how many people have tried to report the flaw.

     
  6. Trollbait

    Trollbait It's a D&D thing

    Joined:
    Feb 7, 2006
    Location:
    eastern Pennsylvania
    Vehicle:
    Other Non-Hybrid
    Was there just the one incident?

    Ain't going to defend Tesla's poor customer support nor lack of a PR department.
     
  7. mountaineer

    mountaineer Member

    Joined:
    May 7, 2019
    Location:
    Hamilton, ON
    Vehicle:
    2019 Prius Prime
    Model:
    Base
    Here's one media report of the problem, when a Vancouver Tesla owner accidentally drove off in someone else's car:

     
  8. Trollbait

    Trollbait It's a D&D thing

    Joined:
    Feb 7, 2006
    Location:
    eastern Pennsylvania
    Vehicle:
    Other Non-Hybrid
    It's the same event. All the reports are just about what happened with this one guy.
     
  9. hill

    hill High Fiber Member

    Joined:
    Jun 23, 2005
    Location:
    Montana & Nashville, TN
    Vehicle:
    2004 Prius
    Model:
    IV
    Gee, I wonder why.
    Could this be the reason?
    CPUs gonna get what CPUs get - all too often.

    This is like the electric car haters that try to get hysterical about battery fires even though the ratio of gas fires to electric car fires per million miles is pretty insignificant - comparatively speaking. But don't let that stop haters from running hysteria up the flag.
     