Banner Default Image

Tesla Model S Hack Could Let Thieves Clone Key Fobs to Steal Cars

almost 6 years ago by Lucy Cinder

Tesla Model S Hack Could Let Thieves Clone Key Fobs to Steal Cars

Tesla 1724773 1920

Despite having proper security measures in place to protect the driving systems of its cars against cyber attacks, a team of security researchers discovered a way to remotely hack a Tesla Model S luxury sedans in less than two seconds.

A team of researchers from the Computer Security and Industrial Cryptography (COSIC) group of the Department of Electrical Engineering at the KU Leuven University in Belgium has demonstrated how it break the encryption used in Tesla's Model S wireless key fob.

With $600 in radio and computing equipment that wirelessly read signals from a nearby Tesla owner's fob, the team was able to clone the key fob of Tesla's Model S, open the doors and drive away the electric sports car without a trace, according to Wired.

"Today it’s very easy for us to clone these key fobs in a matter of seconds," Lennert Wouters, one of the KU Leuven researchers, told Wired. "We can completely impersonate the key fob and open and drive the vehicle."

However, the KU Leuven researchers found that Tesla uses a keyless entry system built by a manufacturer called Pektron, which uses a weak 40-bit cipher to encrypt those key fob codes.

The researchers made a 6-terabyte table of all possible keys for any combination of code pairs, and then used a Yard Stick One radio, a Proxmark radio, and a Raspberry Pi mini-computer, which cost about $600 total—not bad for a Tesla Model S though—to capture the required two codes.

With that table and those two codes, the team says it can calculate the correct cryptographic key to spoof any key fob in just 1.6 seconds. 

The team reported the issue to Tesla last year, but the company addressed it in June 2018 by upgrading the weak encryption. Last month, the company also added an optional PIN as an additional defense.

After the story broke, Tesla was criticised on Twitter for using a weak cipher, though a member of the KU Leuven team appreciated Tesla for quickly responding to their report and fixing the issue,, on the same time, accused other vehicle makers using keyless entry tech from the same vendor and ignoring reports.

Tesla paid the KU Leuven team a $10,000 bounty and plans to add the researchers’ names to its Hall of Fame.

Source thehackernews

Banner Default Image

Latest Jobs