Tesla Model S Hack Could Let Thieves Clone Key Fobs to Steal Cars
Despite having proper security measures in place to protect the driving systems of its cars against cyber attacks, a team of security researchers discovered a way to remotely hack a Tesla Model S luxury sedans in less than two seconds.
A team of researchers from the Computer Security and Industrial Cryptography (COSIC) group of the Department of Electrical Engineering at the KU Leuven University in Belgium has demonstrated how it break the encryption used in Tesla's Model S wireless key fob.
With $600 in radio and computing equipment that wirelessly read signals from a nearby Tesla owner's fob, the team was able to clone the key fob of Tesla's Model S, open the doors and drive away the electric sports car without a trace, according to Wired.
"Today it’s very easy for us to clone these key fobs in a matter of seconds," Lennert Wouters, one of the KU Leuven researchers, told Wired. "We can completely impersonate the key fob and open and drive the vehicle."
However, the KU Leuven researchers found that Tesla uses a keyless entry system built by a manufacturer called Pektron, which uses a weak 40-bit cipher to encrypt those key fob codes.
The researchers made a 6-terabyte table of all possible keys for any combination of code pairs, and then used a Yard Stick One radio, a Proxmark radio, and a Raspberry Pi mini-computer, which cost about $600 total—not bad for a Tesla Model S though—to capture the required two codes.
With that table and those two codes, the team says it can calculate the correct cryptographic key to spoof any key fob in just 1.6 seconds.
The team reported the issue to Tesla last year, but the company addressed it in June 2018 by upgrading the weak encryption. Last month, the company also added an optional PIN as an additional defense.
After the story broke, Tesla was criticised on Twitter for using a weak cipher, though a member of the KU Leuven team appreciated Tesla for quickly responding to their report and fixing the issue,, on the same time, accused other vehicle makers using keyless entry tech from the same vendor and ignoring reports.
Tesla paid the KU Leuven team a $10,000 bounty and plans to add the researchers’ names to its Hall of Fame.
Source thehackernews
Latest Jobs
-
- IT Cyber Security Recruitment Consultant – Hot Desk
- Beckenham
- Dependent on Experience
-
We are looking for an IT Cyber Security Recruitment Consultant – Hot Desk who has cybersecurity recruitment experience, with a track record of success. Most of the roles you will be required to recruit for will be within the salary region of £50k - £300k, experience placing candidates at this level is desirable. Responsibilities: To provide a consistent, high-quality level of service to new and current clients in order to build a long term working relationships with clients. Detailed, consultative approach to calling passive candidates in order to profile them in detail, against set criteria of skills and experience given to you by your client Achieve and exceed sales targets. Self-manage your daily tasks in order to make sure that the following day will be as successful as possible Have a structured approach with a solution selling ability as the sales cycles are not as quick.
-
- Principal Mechanical Engineer
- London
- Up to £90,000 Base + Bonus
-
Principal Mechanical Engineer Location: London Salary: Up to £90,000 Base + Bonus A Principal Mechanical Engineer is needed for a state of the art, London based Data Centre provider. The Principal Mechanical Engineer will be responsible for all of the Mechanical components (support, development/design etc.) within our clients Data Centre’s. Other responsibilities include but not limited to; Commissioning, approving, design & review/improvement of new data centre infrastructure Commercial’s (Contract negotiation, project finances etc.) Project management Training/Development of other staff General engineering tasks Requirements HND / Degree in Engineering or equivalent. Must have current/recent experience (ideally in a senior position) within a mechanical/electrical position ideally within a DC or Consultancy background Candidates must be UK based and unfortunately, our client are unable to provide sponsorship Ref: PG7608 (M&E Jobs, Mechanical & Electrical Jobs, Engineering Jobs, Data Centre Jobs, Data Center Jobs)
-
- Carrier Service Manager / Access Delivery manager
- London
- Up to £70,000 Base + 10% Bonus + Benefits
-
An Access Delivery Manager (Carrier Service Manager) is required for this Global services provider, to be responsible for vendor management across the European region and to manage the purchasing and delivery of 3rd party Access. Your key responsibility will be to conduct regular service reviews with key providers across the region, provide performance feedback, prepare & present vendor balanced scorecards, drive action plans for improvements and drive the vendor profile management strategy. Alongside the access management, you will act as the services manager to the 3rd party suppliers ensuring that the services being offered are being delivered as sold. If you are interested in this position, you will need the background from a telecoms provider where you have had experience of dealing with 3rd party suppliers, negotiating access services. It is key that you have a relationship with international carriers. Ref RA7293 (Telecoms Jobs, Telecommunications Jobs, Telecommunications Jobs in London)
-
- Cloud Sales Specialist
- London
- Up to £100,00 Base + Double OTE
-
DCL are currently working on behalf one of the fastest growing service providers in London who are on the look out for a Cloud Sales Specialist. The Cloud Sales Specialist will be responsible for selling (opening and closing new business opportunities new business) and being the SME in all things Cloud providing support to other members in the sales team. Preference will be given to the Cloud Sales Specialist who possesses Exceptional knowledge of Cloud Technology (Public / Private / Hybrid.). Proven sales experience of identifying and closing new business within the Cloud market. Must be currently selling into the enterprise market. Consistency on tenure in current and past roles. New business background is a must In return you will be working for a successful, growing SME organisation with excellent sales support from pre-sales, post-sales, project management, service management, bid management, pricing and customer service. Reference Number: BD7588 (Cloud Sales Jobs, Cloud Computing Jobs, Cloud Computing Sales)