Latest in Gear

Image credit: Mark Kauzlarich/Bloomberg via Getty Images

Thieves could have cloned Tesla's Model S key fob

The issue has since been fixed, but it was disconcertingly easy.
299 Shares
Share
Tweet
Share
Save

Sponsored Links

Mark Kauzlarich/Bloomberg via Getty Images

Tesla may be more security-conscious than many car manufacturers, but it's still vulnerable to the occasional glaring exploit. KU Leuven researchers have detailed a technique that let them bypass the encryption on Tesla's key fob for the Model S, making it trivial to clone the key, get inside and start the vehicle. They discovered that the fobs used an easy-to-crack 40-bit cipher to safeguard the codes. Once they got two codes from a specific fob, they only had to try using encryption keys until they discovered the one that unlocked the EV. From there, the researchers created a data table for code pairs that would let them find the encryption key for cloning any Model S fob.

Once you have those resources at your disposal, it's not hard to get into a vehicle. You only need about $600 in equipment (a Raspberry Pi, two radios, batteries and a portable drive to store the key tale) and 1.6 seconds to get through.

Thankfully, this attack shouldn't work now. Model S cars made from June onward have tougher encryption that won't fall prone to the attack, and a software update lets customers with older cars switch to more secure fobs if they want. Also, Tesla introduced an optional feature in August that requires you to enter a PIN code on the touchscreen to start the vehicle -- intruders might get in, but they won't be going anywhere. KU Leuven said it informed Tesla about the issue in August 2017, but the automaker noted that it took a while to verify the research, create the fix and roll it into the company's manufacturing systems.

The issue isn't that there's an active security risk, then. Rather, it's that the fobs (produced by Pektron) were vulnerable to start with. And Tesla is just the most prominent affected brand, not the only one. The team believes that machines from McLaren, Karma and Triumph might be susceptible, although their key systems haven't been tested. These findings are ultimately a reminder to the entire automotive industry that security is increasingly important for modern cars, especially with something as important as the key.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
299 Shares
Share
Tweet
Share
Save

Popular on Engadget

Nissan envisions car-themed esports gaming chairs

Nissan envisions car-themed esports gaming chairs

View
AI can gauge the risk of dying from heart conditions

AI can gauge the risk of dying from heart conditions

View
OnePlus 7T Pro may debut on October 10th

OnePlus 7T Pro may debut on October 10th

View
'Minecraft' now has 112 million players per month

'Minecraft' now has 112 million players per month

View
Central banks to question Facebook over Libra cryptocurrency

Central banks to question Facebook over Libra cryptocurrency

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr