Security experts have discovered a loophole in Tesla’s software that lets tech-savvy thieves remotely clone the key fob of a Model S without the owner’s knowledge.
A team from KU Leuven University in Belgium found flaws in the Passive Keyless Entry and Start (PKES) system, which is used to unlock the car and start the motor. According to the team, the PKES system can be hacked in less than two seconds. The findings were presented in a paper at the Cryptographic Hardware and Embedded Systems conference in Amsterdam. Other companies, such as McLaren Automotive, are also likely to be affected, since the fob system was not produced in-house by Tesla. The American EV maker purchased the technology from a vendor called Pektron, which allegedly uses a rather basic encryption protocol to secure the key fobs.
“To show the practical nature of the proposed attack, we implemented a Proof of Concept (PoC) attack which allows (us) to clone a key fob in a few seconds,” the report read. “The attacker device consists of a Raspberry Pi 3 Model B+, Proxmark3, Yard Stick One and a USB battery pack.” The total cost of the hardware comes to less than $600.
“Today it’s very easy for us to clone these key fobs in a matter of seconds,” says Lennert Wouters, a KU Leuven researcher. “We can completely impersonate the key fob and open and drive the vehicle.” The loophole was presented to Tesla last summer. The company awarded the researchers a $10,000 bounty for discovering the vulnerability and later rectified the issue with a software patch. This incident just goes to show the irony of technology: the more advanced a technology gets, the more ways appear to confound it. Cars which rely more on digital tech than analog are especially vulnerable to cyber attacks.
In the video below, watch as the researchers play out an attack to clone the key fob to a Tesla Model S in four phases, hacking the car in less than two minutes.