Description
Tesla Model 3 V11.0(2022.4.5.1 6b701552d7a6) Tesla mobile app v4.23 is vulnerable to Authentication Bypass by spoofing. Tesla Model 3's Phone Key authentication is vulnerable to Man-in-the-middle attacks in the BLE channel. It allows attackers to open a door and drive the car away by leveraging access to a legitimate Phone Key.
References
https://fmsh-seclab.github.io/
ExploitTechnical DescriptionThird Party Advisory
https://github.com/fmsh-seclab/TesMla
Third Party Advisory
ExploitThird Party Advisory
CVSS impact metrics
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
5.3 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2022-09-16T22:15:12.137
2 years agoLast modified
2022-09-23T13:20:09.930
2 years ago