Elon Musk started the day with some much-needed good news after SpaceX pulled off an early morning satellite launch without any trouble. The good news didn’t last long, because on Monday afternoon security researchers went public with claims that Tesla’s keyless entry system is vulnerable to a spoofing hack that could give a sophisticated hacker an environmentally-friendly free ride.
Aside from being a pioneer in electric vehicles, Tesla is famous for fully embracing a digital driving experience. That includes keyless entry with a fob that is apparently hackable on the Model S using around $600 worth of equipment. Today, Wired reports that researchers at KU Leuven University in Belgium are presenting the results of nine months of reverse-engineering work at the Cryptographic Hardware and Embedded Systems conference in Amsterdam. They claim their technique could open the car’s door and turn on the engine, enabling an attacker to make a getaway with a car that tends to go for around six figures.
According to Wired, the researchers discovered that the Model S key fob used a 40-bit cipher to encrypt the code transmitted to the vehicle’s radio receivers. This is relatively unsophisticated in encryption terms and is, unfortunately, a limit imposed by the fob’s processing power. The researchers found they could listen in to the radio ID that’s being constantly broadcast from the car and relay it to the target’s key fob. They then had to listen for the fob’s response and intercept two return broadcasts. Once they had two code examples, they were able to run them through a 6-terabyte table of pre-computed keys and acquire the code they needed to break into the car in under two seconds.
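Why two intercepted responses are enough against a short key, as an added example that is not from the researchers, Wired or Tesla: a scaled-down model with an 18-bit key and a truncated hash standing in for the fob cipher. The key and response sizes, the challenge values, the assumption that the first response answers a known fixed challenge, and all function names are illustrative assumptions.

```python
import hashlib
from collections import defaultdict

KEY_BITS = 18             # scaled down from the article's 40 bits so this runs in seconds
RESP_BITS = 12            # assumption: response is shorter than the key
FIXED_CHALLENGE = 0x1234  # constructed value the table is built for


def fob_response(key: int, challenge: int) -> int:
    """Toy stand-in for the fob cipher (truncated BLAKE2s, not the real algorithm)."""
    data = key.to_bytes(4, "big") + challenge.to_bytes(4, "big")
    digest = hashlib.blake2s(data, digest_size=4).digest()
    return int.from_bytes(digest, "big") >> (32 - RESP_BITS)


def build_table(challenge: int) -> dict:
    """One-time precomputation: response -> every key that produces it."""
    table = defaultdict(list)
    for key in range(1 << KEY_BITS):
        table[fob_response(key, challenge)].append(key)
    return table


def candidates_after(table: dict, pairs: list) -> list:
    """Keys consistent with every observed (challenge, response) pair.

    pairs[0] must answer the challenge the table was built for; because the
    response is shorter than the key it only selects a bucket of keys, and
    each further pair filters that bucket.
    """
    keys = table.get(pairs[0][1], [])
    for challenge, resp in pairs[1:]:
        keys = [k for k in keys if fob_response(k, challenge) == resp]
    return keys


if __name__ == "__main__":
    secret = 0x2A5F1  # constructed fob key (fits in 18 bits)
    table = build_table(FIXED_CHALLENGE)
    p1 = (FIXED_CHALLENGE, fob_response(secret, FIXED_CHALLENGE))
    p2 = (0x9ABC, fob_response(secret, 0x9ABC))
    print("keys matching one response: ", len(candidates_after(table, [p1])))
    print("keys matching two responses:", len(candidates_after(table, [p1, p2])))
    # Each added key bit doubles the table; at 128 bits no such table can be built.
    print("table growth from 40-bit to 128-bit key: 2^%d" % (128 - 40))
```

The table is built once and reused against any fob, which is why the lookup itself is fast; a longer key removes the option of building it at all.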
Tesla has already addressed this issue with an option that should’ve been available in the first place. A software update was recently pushed out that enables a driver to add a PIN code that must be entered with the key fob present in order to start the car. Anyone who owns a Tesla Model 3 that was shipped after June should be fine, according to the report. But if you own a model that shipped before that time, you should definitely turn on the two-factor authentication and contact Tesla for a replacement key fob with stronger encryption.
We reached out to Tesla for comment on the report and to ask about the cost of replacement fobs but did not receive an immediate reply.
UPDATE: Tesla informed us that replacement key fobs cost $150. A Tesla spokesperson sent the following statement regarding the discovery of the vulnerability:
Due to the growing number of methods that can be used to steal many kinds of cars with passive entry systems, not just Teslas, we’ve rolled out a number of security enhancements to help our customers decrease the likelihood of unauthorized use of their vehicles. None of these options would be possible for any traditional automaker – our ability to update software over the air to improve functionality and security is unique. Based on the research presented by this group, we worked with our supplier to make our key fobs more secure by introducing more robust cryptography for Model S in June 2018. A corresponding software update for all Model S vehicles allows customers with cars built prior to June to switch to the new key fobs if they wish. In addition, we had already been working on several other over-the-air updates to help protect our customers from thefts – last year we introduced an update that allows all customers to turn off passive entry entirely, and this year we introduced PIN to Drive, which allows customers to set a unique PIN that needs to be entered before their vehicle is driven.
We would like to thank this research team for participating in our bug bounty program, and look forward to recognizing them in our Hall of Fame.