A new tool developed by NCC Group researchers can carry out link-layer Bluetooth Low Energy (BLE) relay attacks that evade existing mitigations and protections, including link-layer encryption, latency-bound detection, and localization approaches, SecurityWeek reports.
NCC Group researchers noted that the new attack, which was tested against Tesla vehicles using a BLE-based passive entry system, can not only forward encrypted link-layer PDUs but also detect encrypted changes to connection parameters and keep the relayed connection in step with them.
"This system infers proximity of the mobile device or key fob based on signal strength (RSSI) and latency measurements of cryptographic challenge-response operations conducted over BLE," said NCC Group.
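To make the proximity check described above concrete, here is an added Python model (not code from NCC Group, Tesla, or the original article) of a challenge-response check run over a link whose PDUs are encrypted, together with a link-layer relay that forwards the ciphertext unchanged. The connection interval, fob processing time, relay delay, acceptance threshold, key material, and the toy XOR "encryption" are all constructed assumptions; real BLE uses AES-CCM, and the real products' thresholds are not given in the article. The model shows two points from the text: a relay does not need the link key to pass encrypted PDUs, and a latency check cannot see a relay whose added delay fits inside the BLE connection interval, because a response is only transmitted at the next connection event either way.

```python
import hashlib
import hmac
import math
import os

# Constructed parameters for the model (assumptions, not values from the article or NCC Group's advisory).
CONN_INTERVAL_MS = 30.0   # BLE connection interval: a ready response is sent at the next connection event
FOB_PROCESSING_MS = 5.0   # time the fob needs to compute its response
RTT_THRESHOLD_MS = 30.0   # vehicle accepts a response observed within one connection event
APP_KEY = b"constructed-app-key-fob-and-car"  # shared application-layer key (constructed)
LINK_KEY = b"constructed-ble-link-key"        # link-layer session key (constructed)


def ll_encrypt(link_key: bytes, counter: int, pdu: bytes) -> bytes:
    """Toy stand-in for BLE link-layer encryption (XOR with a keyed, counter-derived
    keystream). Real BLE uses AES-CCM; here it only matters that the relay sees ciphertext."""
    stream = hashlib.sha256(link_key + counter.to_bytes(4, "big")).digest()
    return bytes(b ^ stream[i % len(stream)] for i, b in enumerate(pdu))


ll_decrypt = ll_encrypt  # XOR keystream: decryption is the same operation


def fob_response(app_key: bytes, challenge: bytes) -> bytes:
    """Application-layer challenge-response: HMAC-SHA256 over the challenge."""
    return hmac.new(app_key, challenge, hashlib.sha256).digest()


def observed_rtt_ms(ready_after_ms: float) -> float:
    """A response that becomes ready at ready_after_ms is only transmitted at the next
    connection event, so the vehicle observes latency quantized to the connection interval."""
    return math.ceil(ready_after_ms / CONN_INTERVAL_MS) * CONN_INTERVAL_MS


def relay(pdu: bytes, tamper: bool = False) -> bytes:
    """Link-layer relay: forwards encrypted PDUs byte-for-byte without knowing the link key.
    With tamper=True it flips one bit to show that modification, unlike forwarding, is caught."""
    if not tamper:
        return pdu
    flipped = bytearray(pdu)
    flipped[0] ^= 0x01
    return bytes(flipped)


def run_challenge(fob_app_key: bytes, relay_delay_ms: float = 0.0, tamper: bool = False) -> dict:
    """One proximity check. relay_delay_ms is the round-trip delay the relay adds (0 = no relay).
    Returns the vehicle's decision and the reasons behind it."""
    challenge = os.urandom(16)
    # vehicle -> relay -> fob: encrypted challenge PDU
    wire_out = relay(ll_encrypt(LINK_KEY, 1, challenge), tamper)
    fob_challenge = ll_decrypt(LINK_KEY, 1, wire_out)
    # fob -> relay -> vehicle: encrypted response PDU
    wire_back = relay(ll_encrypt(LINK_KEY, 2, fob_response(fob_app_key, fob_challenge)), tamper)
    response = ll_decrypt(LINK_KEY, 2, wire_back)

    crypto_ok = hmac.compare_digest(response, fob_response(APP_KEY, challenge))
    rtt = observed_rtt_ms(FOB_PROCESSING_MS + relay_delay_ms)
    latency_ok = rtt <= RTT_THRESHOLD_MS
    return {"unlock": crypto_ok and latency_ok, "crypto_ok": crypto_ok,
            "latency_ok": latency_ok, "observed_rtt_ms": rtt}


if __name__ == "__main__":
    print("legit fob      ", run_challenge(APP_KEY))
    print("relay +8 ms    ", run_challenge(APP_KEY, relay_delay_ms=8.0))
    print("relay +40 ms   ", run_challenge(APP_KEY, relay_delay_ms=40.0))
    print("relay tampering", run_challenge(APP_KEY, tamper=True))
    print("wrong fob key  ", run_challenge(b"attacker-key"))
```

In this model the legitimate fob and the 8 ms relay produce the same observed round trip, so no threshold the vehicle can set on that measurement separates them; only a relay slower than the connection interval, or one that alters the ciphertext, is rejected. That is the limitation behind the "detectable latency levels" the article says the attack evades, and why the response points toward ranging rather than timing.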
The same attack was also tested against Kevo smart locks and found to be effective. Tesla and Spectrum Brands HHI have been informed of the findings, while the Bluetooth SIG said it is working on "more accurate ranging mechanisms" to curb such attacks.