Researchers in Belgium Find Tesla Model S Can be Hacked by Cloning Key Fob

Home > News > Content

【Summary】Companies that use a similar keyless entry system, including Karma, McLaren, and Triumph (the motorcycle company), could be hacked by cloned key fobs.

Original Vineeth Joel Patel    Sep 16, 2018 4:30 PM PT
Researchers in Belgium Find Tesla Model S Can be Hacked by Cloning Key Fob

It all started in 2015 when hackers managed to remotely kill a Jeep Cherokee on the highway as the SUV was traveling a speed of 70 mph. The hacking started slowly, as Wired reported that the hackers remotely turned on the windshield wipers, altered the air conditioning, and changed the tunes on the radio before completely cutting the SUV's power. 

Since then, companies and states have taken measures to ensure that hackers won't be able to remotely control their vehicles or get access to confidential information. After a few notable hacking attempts – one by Norwegian security company Promon and another when hackers used a secure Amazon Web Services account to mine cryptocurrency – Tesla amped up its security. 

Keyless Entry System Is A Weak Spot

Unfortunately for Tesla, it looks like the electric car company needs to look at its keyless entry system. According to Wired, researchers at the KU Leuven University in Belgium are set to present a formal paper on how they managed to get into a Model S by cloning an owner's key fob. 

As the outlet lays out, the researchers got past the Model S encryption that's used in the vehicle's wireless key fobs by creating a system that can wirelessly read signals from a real fob. The researchers managed to do this with only $600 in radio and computing equipment. And apparently, it only took the equipment two seconds of computation for the system to grab the key fob's cryptographic key. This allowed the researchers to gain access to the EV without throwing off an alarm. 

"Today it's very easy for us to clone these key fobs in a matter of seconds," Lennert Wouters, one of the researchers at KU Leuven, told Wired. "We can completely impersonate the key fob and open and drive the vehicle." 

New Model S Sedans Are Safe

Oddly enough, Tesla introduced a new antitheft feature for the Model S earlier this month. The new feature included requiring drivers to insert a PIN code before being able to drive the vehicle. According to the automaker, if you purchased a Model S after June 2018, this type of hacking won't work on your electric vehicle – for everyone else, your Model S is vulnerable to an attack. 

As Wired points out, the Model S utilizes a keyless entry system that's built by Pektron, which uses a 40-bit cypher to encrypt key fobs. It took the researchers nine months of "on-and-off reverse engineering" to find that out, but once they did, they realized that they could gain codes from any key fob. After that, they computed all of the possible keys to find all of the combination of code pairs. This created a 6-terabyte table of pre-computed keys, states Wired. Together, the researchers claim that the table and the two codes help them clone any key fob in less than 2 seconds.  

In some more troubling news, the researchers also believe that vehicles sold by McLaren and Karma, as well as Triumph motorcycles could be hacked using the same system, as they also utilize key fobs by Pektron. 

Prev                  Next
Writer's other posts
    Related Content