Specialists from the security firm NCC Group developed a tool capable of deploying relay attacks against Bluetooth Low Energy (BLE), which would allow bypassing any existing protection in the target system, authenticating without any problem. This technology is used in all kinds of products, including smartphones, laptops, access control systems, and even in Tesla Model 3 and Model Y cars.

In relay attacks, threat actors begin by intercepting and manipulating communications between two parties, such as a keyless car and the device that opens its doors. Attackers must place themselves in the middle of both ends of communication, transmitting a malicious signal to impersonate the legitimate user.

Technology devices that use BLE for authentication have security measures against relay attacks by default, most based on latency and link-layer encryption. The tool developed by the researchers operates at the link layer and has a latency of 8ms, within the Generic Attribute Profile (GATT) response range.

Thanks to its features, the tool can forward encrypted link layer PDUs, in addition to detecting encrypted changes in connection parameters to continue relaying connections through parameter changes. That is why BLE protections do not work against this attack.

Experts at NCC Group mention that it takes around 10 seconds to complete an attack on any of the affected systems, including Tesla Model 3 and Model Y cars, as they use a BLE-based input system.

While the technical details behind this new attack have not been released, researchers reported testing this tool on a 2020 Tesla Model 3, via an iPhone 13 mini with version 4.6.1-891 of the Tesla app. The attack was also successfully replicated in a Tesla Model Y 2021 model, as they employ similar technologies.

The researchers mention that it is complicated to implement solutions for this security problem due to the features of BLE. In addition, even if industry members responded immediately and in a coordinated manner, updates could take months to arrive for all affected users.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Critical vulnerability in Bluetooth Low Energy (BLE) allows easily hacking Tesla cars, smart locks and millions of devices that use this Bluetooth technology appeared first on Information Security Newspaper | Hacking News.


You May Also Like

25 BadAlloc vulnerabilities affects BlackBerry QNX RTOS used by over 195 million vehicles and embedded systems in different industries. Patch quickly

In a security report, BlackBerry announced that its QNX Real Time Operating…

AWS patches to fix Log4j vulnerabilities could be exploited for privilege escalation or container escape attacks

Cybersecurity specialists from Palo Alto Networks mention that patches released by Amazon…

Important privilege escalation flaw in SonicWall Global VPN client: Patch immediately

Cybersecurity specialists reported the finding of a severe vulnerability affecting SonicWall Global…