Date: 2022-05-20

$100 Bluetooth Hack Can Unlock All Kinds Of Devices, Including Teslas, From Miles Away

While they’re not impervious, at least you know where you stand with a good old-fashioned dumb lock. That’s in stark contrast to so-called “smart” locks, which studies have repeatedly shown to be easily compromised with minimal effort. One report showed that 12 of the 16 smart locks tested could be hacked relatively easily thanks to flimsy security standards.

Now there’s a new vulnerability to worry about. Sultan Qasim Khan, a researcher at NCC Group, has discovered a new Bluetooth vulnerability that’s relatively trivial to exploit with around $100 in hardware, and that potentially impacts thousands of Bluetooth devices, including Teslas.

The attack exploits a weakness in the Bluetooth Low Energy (BLE) standard adhered to by thousands of device makers, in products including “smart” door locks, cars, laptops, and various “internet of things” devices. It’s a form of “relay attack” that usually requires two attackers, one near the target, and one near the phone used to unlock the target.

But this class of attack doesn’t even require two people. A relaying device can be placed near where the target device is located or will be located (like by your driveway), and the other attacker can be targeting the device from hundreds of yards — or even miles — away:

“Hacking into a car from hundreds of miles away tangibly demonstrates how our connected world opens us up to threats from the other side of the country—and sometimes even the other side of the world,” Sultan Qasim Khan, a principal security consultant and researcher at security firm NCC Group, told Ars. “This research circumvents typical countermeasures against remote adversarial vehicle unlocking and changes the way we need to think about the security of Bluetooth Low Energy communications.”

Device makers have implemented a bunch of countermeasures to protect against BLE attacks like these, but Khan found a way to circumvent those countermeasures. Many other companies are smart enough to avoid using BLE for proximity authentication (since it was designed for data transfer, not authentication), but given that privacy and security are an afterthought for many companies, many still do.
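Why a relay defeats proximity authentication, as an added example that is not from the original article or from NCC Group's research: a Python model in which the relay forwards the lock's challenge and the phone's response unchanged. The class names, the 10 ms base round trip and the 25 ms tolerance are assumptions, and latency is simulated rather than measured.

```python
import hashlib
import hmac
import os

# Constructed model of proximity unlock; no real BLE traffic is involved.
KEY = os.urandom(32)  # secret shared by lock and phone at pairing (assumed)

class Phone:
    def __init__(self, key, added_ms=0.0):
        self.key, self.added_ms = key, added_ms  # direct link: no relay delay

    def respond(self, challenge):
        return hmac.new(self.key, challenge, hashlib.sha256).digest()

class Relay:  # forwards bytes unmodified to a distant phone; never learns the key
    def __init__(self, phone, added_ms):
        self.phone, self.added_ms = phone, added_ms

    def respond(self, challenge):
        return self.phone.respond(challenge)

class Lock:
    def __init__(self, key, max_rtt_ms=None):
        self.key, self.max_rtt_ms = key, max_rtt_ms

    def try_unlock(self, peer, base_rtt_ms=10.0):
        challenge = os.urandom(16)  # fresh nonce, so replaying old answers fails
        response = peer.respond(challenge)
        rtt_ms = base_rtt_ms + peer.added_ms  # simulated, not measured
        expected = hmac.new(self.key, challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(response, expected):
            return "reject: wrong key"
        if self.max_rtt_ms is not None and rtt_ms > self.max_rtt_ms:
            return "reject: response too slow"
        return "unlock"

def demo():
    phone = Phone(KEY)
    plain, bounded = Lock(KEY), Lock(KEY, max_rtt_ms=25.0)  # 25 ms is hypothetical
    return {
        "direct": plain.try_unlock(phone),
        "relayed": plain.try_unlock(Relay(phone, added_ms=40.0)),
        "stranger": plain.try_unlock(Phone(os.urandom(32))),
        "slow relay, bounded": bounded.try_unlock(Relay(phone, added_ms=40.0)),
        "fast relay, bounded": bounded.try_unlock(Relay(phone, added_ms=8.0)),
    }

if __name__ == "__main__":
    print(demo())
```

The lock accepts the relayed response because the HMAC proves possession of the key, not distance. The timing bound in this model only rejects a relay that adds more delay than the tolerance allows.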

All told, it’s just another reminder that dumb tech is often… smarter.

