One flaw made Tesla’s autos easy to steal

Physical keys are so 20th century.

Many carmakers are doing away with keys, instead opting for digital systems that allow you to start a vehicle with a push of a button, a voice command, a key card or even an app on your smartphone.

But with new technology comes new problems. And that is what happened with a Tesla NFC card. An NFC card (Near Field Communication card), a key fob or a phone app all unlock a Tesla.

Last year, Tesla rolled out an update for its NFC card entry system. The new card allowed the user to unlock the car and the car would automatically start within 130 seconds, allowing the user could drive without using the card a second time. The problem: It also put the car into a state to accept entirely new digital keys — a thief's dream. If a hacker was able to enroll a new key, they'd be able to access and start up the vehicle any time.

The security weakneses was uncovered by Martin Herfurt, a researcher based in Austria. Martin found that once a Tesla was unlocked with an NFC card, anyone with the right Bluetooth Low Energy device could enroll an unconnected key simply by communicating directly with the car. The Tesla's owner would receive no alerts or warnings. It's unknown if hackers had previously exploited this flaw. But if so, stealing Tesla vehicles would have been rather easy.

If the owner used the Tesla phone app rather than the keycard, they were still protected. The app only allows keys connected to the owner's account to enroll.

Tesla is far from the only automaker doing away with traditional keys. Automakers have favored physical keys with embedded chips.