WSTale » Science » Researchers find a Model S key fob can be hacked in just TWO SECONDS

Science

Researchers find a Model S key fob can be hacked in just TWO SECONDS

Lottie Casas September 11, 2018

Security researchers find a Model S key fob can be hacked in just TWO SECONDS

Security experts urge Tesla owners to use two-factor authentication after researchers show a Model S key fob can be hacked in just TWO SECONDS

  • University researchers discovered a worrying flaw in Tesla’s Model S key fobs
  • They were able to hack open the key fob by figuring out its encrypted codes
  • In doing so, they could unlock the car, turn the engine on and drive the car away
  • Tesla says it has since fixed the issue by fixing it in cars produced after June 2018, as well as releasing upgraded key fobs with stronger encryption features
  • e-mail

12

View
comments

Security researchers have discovered a worrying hack that allows them to access a Tesla key fob remotely. 

In a new study, researchers from KU Leuven University in Belgium, describe a technique where they cloned a signal from a Model S key fob in fewer than two seconds.

This would allow a savvy hacker to open the car door and simply drive away. 

Scroll down for video


In a new study, researchers from KU Leuven University in Belgium, describe a technique where they cloned a signal from a Tesla Model S key fob in fewer than two seconds

What’s more, the researchers carried out the attack using a few pieces of equipment. 

They used a Yard Stick One radio, Proxmark radio and a Raspberry Pi mini-computer, all of which cost about $600 total. 

Tesla’s key fobs use a common system to work wirelessly: The fobs communicate with a reader in the car using an encrypted code and a cryptographic key, which triggers the car to unlock.

  • From a caterpillar into a butterfly! Incredible plans are… A lunar photobomb: NASA spacecraft captures moment the moon… Can YOU tell which one is real? Creepy AI transfers facial… Electric-powered inner-city ‘air taxis’ that fly at…

Share this article

This also disables the car’s immobilizer, or a security device that prevents the engine from running, unless the necessary key is nearby, which allows the car’s engine to start.  

Researchers discovered that the fobs use a 40-bit cipher to encrypt the codes. After they discovered the two codes, they tried a slew of cryptographic keys until they found the right one. 

From there, they created a 6-terabyte table of pre-computed keys that allowed them to hack almost any Tesla key fob in just 1.6 seconds, according to Wired. 

https://youtube.com/watch?v=aVlYuPzmJoY%3Ffeature%3Doembed

‘Today, it’s very easy for us to clone these key fobs in a matter of seconds,’ Lennert Wouters, one of the KU Leuven researchers, told Wired. 

‘We can completely impersonate the key fob and open and drive the vehicle.’  

Tesla owners shouldn’t be too worried, however, because the firm said it has fixed the vulnerability. 

‘Due to the growing number of methods that can be used to steal many kinds of cars with passive entry systems, not just Teslas, we’ve rolled out a number of security enhancements to help our customers decrease the likelihood of unauthorized use of their vehicles,’ Tesla said in a statement, according to Wired. 

‘Based on the research presented by this group, we worked with our supplier to make our key fobs more secure by introducing more robust cryptography for Model S in June 2018.

‘A corresponding software update for all Model S vehicles allows customers with cars built prior to June to switch to the new key fobs if they wish,’ the firm added.  


Tesla’s key fobs use a common system to work wirelessly: The fobs communicate with a reader in the car using an encrypted code and a cryptographic key, which triggers the car to unlock

The KU Leuven researchers first reported the vulnerability to Tesla in 2017 and the firm paid them a $10,000 bounty for finding the bug. 

But the company didn’t fix it until June 2018. 

Additionally, if consumers don’t pay to replace their key fob with a version that includes stronger encryption tools, there’s still a chance they could be hit with the hack. 

Tesla also rolled out an optional ‘PIN to Drive’ feature two weeks ago, which requires a driver to enter a PIN code that’s displayed on the dashboard in order to drive the vehicle. 

Again, however, Model S owners have to turn on the feature in order to be safeguarded from the key-cloning method.   

How do thieves steal your car without the keys? The hi-tech ‘relay’ gadget that uses signals to unlock vehicles parked outside homes

What is relay theft? 

Theft relay occurs when two thieves work together to break into cars which have keyless entry systems.

The thieves can use equipment to capture signals emitted by certain keys which are used to start new vehicles.

One thief stands by the car with a transmitter, while the other stands by the house with another, which picks up the signal from the key which is usually kept near the front door on a table or hook.

This is then relayed to the other transmitter by the vehicle, causing it to think the key is in close proximity and prompting it to open. Thieves can then drive the vehicle away and quickly replace the locks and entry devices.

Technically, any vehicle with keyless entry could be vulnerable to relay theft. 

These included cars from BMW, Ford, Audi, Land Rover, Hyundai, Volkswagen and Mercedes cars.

How can you protect your vehicle against relay theft?

According to research by the Institute of the Motor Industry, over half of motorists are worried their car could be accessed and stolen by remote thieves.

Fifty per cent of people surveyed weren’t aware that their car might be vulnerable to cyber attacks, and while drivers shouldn’t become paranoid about the safety of their car it’s always a good idea to take precautions.

This has long been a necessary precaution in order to avoid car theft, but it’s important to make sure that your key is as far from the front door as possible so its signal can’t be picked up.

As hacking devices get more sophisticated, they may be able to pick up signals from further away.

This may seem a bit excessive, but a metal box could be the best place to store your keys overnight as the metal could block the signal being detected.

Lorna Connelly, head of claims at Admiral said: ‘Unfortunately, we do see a claims from customers who have had their cars stolen due to relay theft and it’s a problem that we would advise motorists with keyless cars to be aware of.

‘Despite progresses in anti-theft technology, thieves are always coming up with new ways to make off with your vehicle.

‘We are urging all of our customers to keep their keys a safe distance from the door and consider storing them in a metal box. While this may seem like an extreme solution, relay theft is an extreme practice.’

SOURCE: Admiral

Source: Read Full Article