However, despite all of the bells and whistles, researchers armed with a few hundred USD worth of radio equipment have found a weak point: The car’s key fob. In just a few seconds the device can be cloned, giving the thieves full control of your vehicle.
Vulnerability found in key fob
Researchers at the Computer Security and Industrial Cryptography (COSIC) group of KU Leuven University in Belgium were the ones to discover – and reveal – this attack. To open a Tesla Model S a keyless system is used: An encrypted signal is sent to the car’s radio without driver intervention which unlocks the doors and allows the engine to start. However, the researchers at KU Leuven found that the keyless entry system, built by manufacturer Pektron, used a weak cipher to encrypt the signals in question.
The researchers found that after gaining at least two codes from any given fob they could try every possible cryptographic key until the matching one was found. Through this data a massive, 6 terabyte, table was generated containing all possible key combinations. With the table and any two codes the researchers claim to be able to spoof any key in 1.6 seconds.
“Today it’s very easy for us to clone these key fobs in a matter of seconds. We can completely impersonate the key fob and drive the vehicle”, researcher Lennert Wouters stated in an interview with Wired.
$10,000 bounty awarded
Tesla was made aware of the issue last year and the researchers were awarded a $10000 bounty. The car manufacturer upgraded the weak encryption in June of 2018. Another security layer was added in the shape of an optional PIN just last month. A video of the attack in action can be seen below.
For other automotive security news see 14 vulnerabilities found in new BMW cars.