Computer Security Experts Hack Tesla Model S Key Fob In Seconds


Apparently, attacking and cloning a Tesla Model S key fob took researchers only seconds.

A group of expert researchers at the Computer Security and Industrial Cryptography research group (COSIC) at the University of Leuven, Belgium recently exposed a security issue with keyless entry and vehicle-start technology used in Tesla vehicles. The group was able to unlock and start two Tesla Model S sedans by attacking and cloning the cars’ key fobs.

Pektron software produces the technology, which is also used by other brands like McLaren. The researchers confirmed that the system is much easier to hack than other similar technologies. This is because the hackers can perform the breach without being close to the cars and the key fob at the same time. You can watch them work their magic in the video above.

According to McLaren, this new research does prove a “theoretical vulnerability in our vehicle security systems … (however it has) not been proven to affect our vehicles, and we know of no McLaren that has been compromised in such a way.”

Nonetheless, the automaker has reached out to owners to make them aware of the potential flaw and is sending them a pouch to store the key fob in, which will block incoming signals.

Tesla was already made aware of the possible flaws and initiated a new “PIN to Drive” feature that lets owners set a PIN, which must be entered to operate the vehicle. The researchers are suggesting that owners use the new feature and also turn off the Tesla’s passive entry system. The automaker also recently updated its Model S key fob to match the new technology found in the Tesla Model X.

Source: Autocar


15 Comments on "Computer Security Experts Hack Tesla Model S Key Fob In Seconds"


Clickbait that I’ve seen on other sites that specifically mentions Tesla in the title, but really the issue is with key fob technology in general and it affects many auto makers including others that have the vulnerability in their EVs as well.

This is known as a man-in-the-middle attack and was articulated in the Tim Burton film Batman Returns. Same trick also works for garage door openers. The auto-unlock feature in the Tech. package is the problem and it breaks good cryptography habits. For the umpteenth time, everyone, please, turn that feature off, it’s not worth it.

So to hack my Tesla you need to be an expert computer hacker…. That’s security enough :p

“This is why we can’t have nice things.”

Time to set code for driving, that was included in last Tesla software update, seen this before with a Mercedes!

Tesla cars need to check for authentication round trip latency. If the software in the car insisted that the challenge response round trip needs to happen within 1 second, none of this would be possible.

Latency is a legitimate strategy with direct transmission, except that wireless can have attenuation problems, creating more delay because it is a play, wait, replay, respond situation. I think I’m going to write my thoughts not on public forums but actually to Tesla. This problem is solvable, and it doesn’t take a security expert to build it. OK, maybe it does take an expert to design it.

Totally agree. Modern computing can tell the latency down to the millisecond, so if the 3ft latency is 3ms, then you can program the system to only unlock if the latency was 3ms or lower. Anything higher and you are too far away, so it doesn’t work. Set the ms latency to whatever reasonable distance you want the car to respond within.
It’s an interesting problem, for as long as I can remember car companies are working on better security, and every time they come up with a solution that is better, then the criminals find a way to defeat it pretty quickly.

just encrypt communication, much simpler

The repeater is not caring about, or changing, the encryption, it is just like boosting the signal. The exact same signal is being received by the car, it just doesn’t know the sender is 1mi away rather than 1ft away.

Exactly. It is like shouting “the PIN code to my automatic garage is 12345” every time you open your garage.
What you’re talking about is encrypting the line of communication, or the wireless signal. The authentication protocols associated with transport layer encryption are repeatable as authentication strategies to prevent this man-in-the-middle attack, so encrypting the line of communication is overdoing it.
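
The relay scenario and the round-trip check discussed in the comments above, as an added example that is not part of the article or the comment thread. It is a simulation, not Tesla's or Pektron's protocol: the HMAC challenge-response, the key, the 200 µs fob processing time and the relay overhead are all assumed values. It shows that a relayed, unmodified response still passes the cryptographic check, and how the choice of timing bound decides whether the car can tell near from far.

```python
import hashlib
import hmac
import os

C_M_PER_NS = 0.299792458       # speed of light in metres per nanosecond
FOB_PROCESSING_NS = 200_000    # assumed fixed fob reply time (constructed value)
KEY = b"constructed-demo-key"  # shared car/fob secret (constructed sample value)


def fob_respond(key, challenge):
    """Fob side: answer the car's fresh challenge with HMAC-SHA256."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def round_trip_ns(distance_m, relay_overhead_ns=0):
    """Simulated RTT: two-way propagation + fob processing + any relay delay."""
    return 2 * distance_m / C_M_PER_NS + FOB_PROCESSING_NS + relay_overhead_ns


def car_verify(key, challenge, response, rtt_ns, max_rtt_ns=None):
    """Car side: check the MAC, then enforce a round-trip bound if one is set."""
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, response):
        return "reject: bad response"
    if max_rtt_ns is not None and rtt_ns > max_rtt_ns:
        return "reject: too slow"
    return "unlock"


def attempt(distance_m, relay_overhead_ns, max_rtt_ns):
    """One unlock attempt; a relay forwards both messages unmodified."""
    challenge = os.urandom(16)
    response = fob_respond(KEY, challenge)
    rtt = round_trip_ns(distance_m, relay_overhead_ns)
    return car_verify(KEY, challenge, response, rtt, max_rtt_ns)


def max_distance_m(max_rtt_ns):
    """Largest fob distance a bound admits when nothing else adds delay."""
    return (max_rtt_ns - FOB_PROCESSING_NS) * C_M_PER_NS / 2


if __name__ == "__main__":
    for label, bound in [("no bound", None), ("1 ms", 1_000_000),
                         ("fob time + 100 ns", FOB_PROCESSING_NS + 100)]:
        print(label, "| fob at 1 m:", attempt(1.0, 0, bound),
              "| relayed over 1609 m:", attempt(1609.0, 50_000, bound))
```

Radio covers about 30 cm per nanosecond, so with these assumed numbers a 1 ms bound admits a fob roughly 120 km away, while a bound 100 ns above the fob's processing time admits about 15 m.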

So everyone who wants to steal a Tesla or any high end car has to be a Computer Expert and a Hacker to be able to steal that car? That Hacker has a Job waiting for him at any of those high end Car Companies, all he has to do is demo his skills and he’s hired, why be a criminal when you can make money Legit?

Typically someone makes a device that does the work. The criminals don’t need to be that smart, just know how to turn on the device. One sits next to you in the cafe, the other one is at your car and unlocks it. The two devices are relaying/boosting the signal from your key fob.
If the key fob had a power switch that allowed you to turn it off, this problem would mostly go away. We love our convenience so much we are too lazy to press a button (traditional key fob), instead we have the key fob constantly talking to the car waiting for a request to unlock. Pretty crazy when you think about it.

….or buy the kit from a hacker. Truth is no matter what we do to cars security wise someone will be able to steal it eventually.

It’s not even hardware. Maybe a better Bluetooth antenna? It’s all software. Laptop for sure.