Elon Musk started the week with some much-needed good news after Space X pulled off a satellite launch without any troubles. The good news didn’t last long however, because today security researchers went public with claims that Tesla’s keyless entry system is vulnerable to a spoofing hack that could give a sophisticated hacker an environmentally-friendly free ride.
Aside from being a pioneer in electric vehicles, Tesla is famous for fully embracing a digital driving experience. That includes keyless entry with a fob that is apparently hackable on the Model S using around $US600 ($843) worth of equipment.
Today, Wired reports that researchers at the KU Leuven University in Belgium are presenting the results of nine months of reverse-engineering work at the Cryptographic Hardware and Embedded Systems conference in Amsterdam. They claim their technique could open the car’s door and turn on the engine, enabling an attacker to make a getaway with the car that tends to go for around six figures.
According to Wired, the researchers discovered that the Model S key fob used a 40-bit cipher to encrypt the code transmitted to the vehicle’s radio receivers. This is relatively unsophisticated in encryption terms and is, unfortunately, a limit imposed by the fob’s processing power.
The researchers found they could listen in to the radio ID that’s being constantly broadcasted from the car and relay it to the target’s key fob. They then had to listen for the fob’s response and intercept two return-broadcasts. Once they had two code examples, they were able to run them through a six-terabyte table of pre-computed keys and acquire the code they needed to break into the car in under two seconds.
Tesla has already addressed this issue with an option that should’ve been available in the first place. A software update was recently pushed out that enables a driver to add a pin code that must be entered with the key fob present in order to start the car.
Anyone who owns a Tesla Model 3 that was shipped after June should be fine, according to the report. But if you own a model that shipped before that time, you should definitely turn on the two-factor authentication and contact Tesla for a replacement key fob with stronger encryption.
We reached out to Tesla for comment on the report and to ask about the cost of replacement fobs but did not receive an immediate reply.