Tesla Model S Key Fob Cloned by Thieves

FILE: The headlight of a Tesla Inc. Model S P100D sedan vehicle is seen at the company's new showroom in New York, U.S., on Thursday, Dec. 14, 2017. For BMW AG, Tesla Inc. and other global automakers whose future is ever-more dependent on Chinas burgeoning market, any gains from lower import tariffs this week will likely be short-lived -- thanks to President Donald Trumps trade war. Unless President Trump backs down, on July 6 the U.S. will impose tariffs on $34 billion of Chinese imports, many of them parts used in products such as marine engines and power turbines. China will impose countervailing levies the same day -- including on U.S.-manufactured cars. Our editors select archive images of the leading brands affected by the trade war. Photographer: Mark Kauzlarich/Bloomberg via Getty Images

All things are hackable … and Tesla is no exception.

Tesla may be more security-conscious than many car manufacturers, but it’s still vulnerable to the occasional glaring exploit. KU Leuven researchers have detailed a technique that let them bypass the encryption on Tesla’s key fob for the Model S, making it trivial to clone the key, get inside and start the vehicle. They discovered that the fobs used an easy-to-crack 40-bit cipher to safeguard the codes. Once they got two codes from a specific fob, they only had to try using encryption keys until they discovered the one that unlocked the EV. From there, the researchers created a data table for code pairs that would let them find the encryption key for cloning any Model S fob.

 

 

Once you have those resources at your disposal, it’s not hard to get into a vehicle. You only need about $600 in equipment (a Raspberry Pi, two radios, batteries and a portable drive to store the key tale) and 1.6 seconds to get through.

Thankfully, this attack shouldn’t work now. Model S cars made from June onward have tougher encryption that won’t fall prone to the attack, and a software update lets customers with older cars switch to more secure fobs if they want. Also, Tesla introduced an optional feature in August that requires you to enter a PIN code on the touchscreen to start the vehicle — intruders might get in, but they won’t be going anywhere. KU Leuven said it informed Tesla about the issue in August 2017, but the automaker noted that it took a while to verify the research, create the fix and roll it into the company’s manufacturing systems.

The issue isn’t that there’s an active security risk, then. Rather, it’s that the fobs (produced by Pektron) were vulnerable to start with. And Tesla is just the most prominent affected brand, not the only one. The team believes that machines from McLaren, Karma and Triumph might be susceptible, although their key systems haven’t been tested. These findings are ultimately a reminder to the entire automotive industry that security is increasingly important for modern cars, especially with something as important as the key.

Source: Wired via Engadget

 

Videos

08:54
06:40
1/224

Latest Headlines

About Winston 2760 Articles
Winston has over 20 years of experience in the I.T. Industry. He launched Funky Kit with the aim to capture a wider audience worldwide. His knowledge in PC hardware is very distinguished, not only publishing enjoyable reviews but also writing great articles.