Your Tesla Model S Could Be Gone in 1.6 Seconds
If you have a Tesla Model S parked in your garage, pay careful attention to this news. A group of cybersecurity researchers from the Computer Security and Industrial Cryptography (COSIC) group of the University Leuven hacked a Tesla car in 1.6 seconds and successfully drove away with the vehicle.
The researchers carried out the hacking demonstration in order to prove the weakness of the 40-bit encryption cipher used by the car manufacturer to protect their key FOBs. COSIC researchers assembled a 6-terabyte table of codes in order to break the encryption and then bought two radios and a Raspberry Pi computer costing $600. They then searched for a nearby Tesla Model S, cloned the car’s key FOB, opened the car doors, and drove away with the vehicle.
According to one of the researchers named Lennert Wouters, “ Today it’s very easy for us to clone these key fobs in a matter of seconds. We can completely impersonate the key fob and open and drive the vehicle.”
Tesla’s security tech works primarily through the key FOB. The key FOB sends a secret encrypted code to the car and the radios inside the Tesla unlocks the doors and starts the engines. The research team from the University of Leuven spent 9 months reverse engineering the keyless entry tech and found out that the supplier for the security feature, Pektron, only used a 40-bit cipher to protect those keys.
One of the researchers claimed that someone in Pektron has made a foolish decision to use protection that weak.
The team performed the field research as a proof-of-concept and after finding their experiment successful, they contacted Tesla around April 2017 about the vulnerability they uncovered. Tesla patched the vulnerability a year later by June 2018. The car manufacturer, in turn, rewarded the team with a $10,000 bug hunting bounty as well as Hall of Fame honors for their team.
Julia Sowells374 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.