{"id":81152,"date":"2022-05-17T15:25:47","date_gmt":"2022-05-17T20:25:47","guid":{"rendered":"https:\/\/milesfortis.com\/?p=81152"},"modified":"2022-05-17T15:45:20","modified_gmt":"2022-05-17T20:45:20","slug":"81152","status":"publish","type":"post","link":"https:\/\/milesfortis.com\/?p=81152","title":{"rendered":""},"content":{"rendered":"<p>Again, this IOT (Internet Of Things) with everything digitally connected through the web turns out to not be all it was cracked up to be.<\/p>\n<hr \/>\n<p><a href=\"https:\/\/www.digitaltrends.com\/mobile\/bluetooth-hack-compromises-teslas-digital-locks-and-more\/\" target=\"_blank\" rel=\"noopener\">Bluetooth hack compromises Teslas, digital locks, and more<\/a><\/p>\n<p>A group of security researchers has found a way to circumvent digital locks and other security systems that rely on the proximity of a\u00a0<a href=\"https:\/\/www.digitaltrends.com\/computing\/what-is-bluetooth\/\">Bluetooth<\/a>\u00a0fob or smartphone for authentication.<\/p>\n<p>Using what\u2019s known as a \u201clink layer relay attack,\u201d security consulting firm NCC Group was able to unlock, start, and drive vehicles and unlock and open certain residential smart locks without the Bluetooth-based key anywhere in the vicinity.<\/p>\n<p>Sultan Qasim Khan, the principal security consultant and researcher with NCC Group, demonstrated the attack on a\u00a0<a href=\"https:\/\/www.digitaltrends.com\/topic\/tesla-model-3\/\">Tesla Model 3<\/a>, although he notes that the problem isn\u2019t specific to Tesla. Any vehicle that uses Bluetooth Low Energy (BLE) for its keyless entry system would be vulnerable to this attack.<\/p>\n<p>Many smart locks are also vulnerable, Khan adds. His firm specifically called out the\u00a0<a href=\"https:\/\/www.digitaltrends.com\/home\/kwikset-kevo-2nd-gen-smart-lock\/\">Kwikset\/Weiser Kevo<\/a>\u00a0models since these use a touch-to-open feature that relies on passive detection of a Bluetooth fob or smartphone nearby. Since the lock\u2019s owner doesn\u2019t need to interact with the Bluetooth device to confirm they want to unlock the door, a hacker can relay the key\u2019s Bluetooth credentials from a remote location and open someone\u2019s door even if the homeowner is thousands of miles away.<\/p>\n<h2><a id=\"dt-heading-how-it-works\" aria-label=\"How it works\"><\/a>How it works<\/h2>\n<p>This exploit still requires that the attacker have access to the owner\u2019s actual Bluetooth device or key fob. 
However, what makes it potentially dangerous is that the real Bluetooth key doesn\u2019t need to be anywhere near the vehicle, lock, or other secured devices.<\/p>\n<p>Instead, Bluetooth signals are relayed between the lock and key through a pair of intermediate Bluetooth devices connected using another method \u2014 typically over a regular internet link. The result is that the lock treats the hacker\u2019s nearby Bluetooth device as if it\u2019s the valid key.<\/p>\n<p>As Khan explains, \u201cwe can convince a Bluetooth device that we are near it \u2014 even from hundreds of miles away [\u2026] even when the vendor has taken defensive mitigations like encryption and latency bounding to theoretically protect these communications from attackers at a distance.\u201d<\/p>\n<p>The exploit bypasses the usual relay attack protections as it works at a very low level of the Bluetooth stack, so it doesn\u2019t matter whether the data is encrypted, and it adds almost no latency to the connection. The target lock has no way of knowing that it\u2019s not communicating with the legitimate Bluetooth device.<\/p>\n<p>Since many Bluetooth security keys operate passively, a thief would only need to place one device within a few feet of the owner and the other near the target lock. For example, a pair of thieves could work in tandem to follow a Tesla owner away from their vehicle, relaying the Bluetooth signals back to the car so that it could be stolen once the owner was far enough away.<\/p>\n<p>These attacks could be carried out even across vast distances with enough coordination. A person on vacation in London could have their Bluetooth keys relayed to their door locks at home in Los Angeles, allowing a thief to quickly gain access simply by touching the lock.<\/p>\n<p>This also goes beyond cars and smart locks. 
Researchers note that it could be used to unlock laptops that rely on Bluetooth proximity detection, prevent mobile phones from locking, circumvent building access control systems, and even spoof the location of an asset or a medical patient.<\/p>\n<p>NCC Group also adds this isn\u2019t a traditional bug that can be fixed with a simple software patch. It\u2019s not even a flaw in the Bluetooth specification. Instead, it\u2019s a matter of using the wrong tool for the job. Bluetooth was never designed for proximity authentication \u2014 at least not \u201cfor use in critical systems such as locking mechanisms,\u201d the firm notes.<\/p>\n<h2><a id=\"dt-heading-how-to-protect-yourself\" aria-label=\"How to protect yourself\"><\/a>How to protect yourself<\/h2>\n<p>First, it\u2019s essential to keep in mind that this vulnerability is specific to systems that rely exclusively on passive detection of a Bluetooth device.<\/p>\n<p>For example, this exploit can\u2019t realistically be used to bypass security systems that require you to unlock your smartphone, open a specific app, or take some other action, such as pushing a button on a key fob. In this case, there\u2019s no Bluetooth signal to relay until you take that action \u2014 and you\u2019re generally not going to try and unlock your car, door, or laptop when you\u2019re not anywhere near it.<\/p>\n<p>This also won\u2019t typically be a problem for apps that take steps to confirm your location. For instance, the auto-unlock feature in the popular\u00a0<a href=\"https:\/\/www.digitaltrends.com\/home\/august-wi-fi-smart-lock-review\/\">August smart lock<\/a>\u00a0relies on Bluetooth proximity detection, but the app also checks your GPS location to make sure you\u2019re actually returning home. 
It can\u2019t be used to unlock your door when you\u2019re already home, nor can it open your door when you\u2019re miles away from home.<\/p>\n<p>If your security system allows for it, you should enable an extra authentication step that requires that you take some action before the Bluetooth credentials are sent to your lock. For example, Kwikset has said that customers who use an iPhone can enable two-factor authentication in their lock app, and it plans to add this to its Android app soon.\u00a0<a href=\"https:\/\/www.digitaltrends.com\/home\/kwikset-kevo-2nd-gen-smart-lock\/\">Kwikset\u2019s Kevo application<\/a>\u00a0also disables proximity unlocking functionality when the user\u2019s phone has been stationary for an extended period.<\/p>\n<p>Note that unlocking solutions that use a mix of Bluetooth and other protocols are not vulnerable to this attack. A typical example of this is Apple\u2019s feature that lets folks\u00a0<a href=\"https:\/\/www.digitaltrends.com\/mobile\/how-to-unlock-mac-with-apple-watch\/\">unlock their Mac with their Apple Watch<\/a>. 
Although this does use Bluetooth to detect the Apple Watch nearby initially, it measures the actual proximity over Wi-Fi \u2014 a mitigation that\u00a0<a href=\"https:\/\/vimeo.com\/171186055#t=41m15s\">Apple\u2019s executives specifically said was added to prevent Bluetooth relay attacks<\/a>.<\/p>\n<p>NCC Group has published a technical advisory about the\u00a0<a href=\"https:\/\/research.nccgroup.com\/2022\/05\/15\/technical-advisory-ble-proximity-authentication-vulnerable-to-relay-attacks\/\">Bluetooth Low Energy vulnerability<\/a>\u00a0and separate bulletins about how it affects\u00a0<a href=\"https:\/\/research.nccgroup.com\/2022\/05\/15\/technical-advisory-tesla-ble-phone-as-a-key-passive-entry-vulnerable-to-relay-attacks\/\">Tesla vehicles<\/a>\u00a0and\u00a0<a href=\"https:\/\/research.nccgroup.com\/2022\/05\/15\/technical-advisory-kwikset-weiser-ble-proximity-authentication-in-kevo-smart-locks-vulnerable-to-relay-attacks\/\">Kwikset\/Weiser locks<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Again, this IOT (Internet Of Things) with everything digitally connected through the web turns out to not be all it was cracked up to be. 
Bluetooth hack compromises Teslas, digital locks, and more A group of security researchers has found a way to circumvent digital locks and other security systems that rely on the proximity &hellip; <a href=\"https:\/\/milesfortis.com\/?p=81152\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29,87],"tags":[],"class_list":["post-81152","post","type-post","status-publish","format-standard","hentry","category-safety","category-technology"],"_links":{"self":[{"href":"https:\/\/milesfortis.com\/index.php?rest_route=\/wp\/v2\/posts\/81152","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/milesfortis.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/milesfortis.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/milesfortis.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/milesfortis.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=81152"}],"version-history":[{"count":4,"href":"https:\/\/milesfortis.com\/index.php?rest_route=\/wp\/v2\/posts\/81152\/revisions"}],"predecessor-version":[{"id":81156,"href":"https:\/\/milesfortis.com\/index.php?rest_route=\/wp\/v2\/posts\/81152\/revisions\/81156"}],"wp:attachment":[{"href":"https:\/\/milesfortis.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=81152"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/milesfortis.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=81152"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/milesfortis.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=81152"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}