Monday September 10, 2018

Tesla Key Fob Security Allows for a Hacker to Steal a Car in Less Than 30 Seconds

Tesla has updated their key fob technology and added a pin code on the Tesla Model S to counter a new hack discovered by researchers at the KU Leuven University in Belgium, that allows a car thief to steal a Tesla in less than 30 seconds. Basically the Pektron keyless entry system on Tesla and other cars only uses a 40-bit cipher to encrypt key fob codes. After learning the two codes from a key fob, they were able to compute all the possible keys for any combination of code pairs. Then they could spoof any Tesla key fob in less than 2 seconds. The parts to recreate the hack costs $600 and owners of older Model S cars will need to purchase an updated key fob. The researchers believe that the system will work against McLaren, Karma and Triumph motorcycles.

If those other manufacturers are indeed affected, beyond putting keys in those "signal-blocking pouches"--Faraday bags that block radio communications--just how all of them might definitively fix the problem is far from clear. The researchers say that the companies would likely have to replace every vulnerable key fob, as well as push out a software update to affected vehicles. Unlike Tesla, whose cars receive over-the-air updates, that might not be possible for other manufacturers' vehicles.

Discussion