Tesla Model S Key Fobs are vulnerable to hackers


Tesla, the American automobile company which produces electric cars is in news for all wrong reasons these days. News is out that Tesla’s Model S Key fobs are vulnerable to hackers as their encryption code is easy to guess and access.

To those who aren’t aware of what the Tesla’s Key Fobs do, they are simply remote control devices which enable keyless entry for the drive by sending a secret cryptographic encryption/decryption code to the car’s radio to trigger it to unlock and disable its immobilizer, allowing the car’s engine to start.

In a study made by researchers from KU Leuven University in Belgium, it was discovered that the signals sent by the key fobs can be easily cloned in just a couple of seconds, making it easy for the hacker to open/close a car door or help thieves in driving away cars from their respective parking zones.

Devices which were used in the hack were simple equipment like a Yard Stick One Radio, Proxmark Radio, and a Raspberry Pi Mini computer- costing just $600 to buy them all.

It’s said that the study made by the researchers discovered that the fobs being provided by Tesla use a 40-bit cipher to break into the codes which can be guessed using certain permutation and combinations of cryptographic keys until the right one is found. For this, a 6 TB table of pre-computed keys can be used in a digital format which hardly takes only 1.9 seconds to guess the right one by the hacker.

Tesla immediately reacted to the study results and stated that it has already worked with its key fob supplier in this regard to make the keys more secure by introducing more robust cryptography for Model S in June 2018.

So, all those key fobs which were manufactured prior to June 2018 for Model S Vehicle’s can go for a software update or switch to the new fobs if they wish.

Cybersecurity Insiders learned that the researchers from the KU Leuven University reported the vulnerability to Tesla in 2017. And they were paid $10,000 as a reward for finding the bug. It’s said that the company did not fix the flaw till June 2018, which made the researchers issue a media update to those Model S users who aren’t aware of the cyber threat.

Note- Tesla Model S cars are either full-sized or mid-sized all five electric door vehicles produced by Tesla Inc since June 2012. The official running range of the 2017 Tesla Model S 100D is 335 miles with a battery pack of 100 kWh. Tesla cars are ranked second on the list of most sold electric cars in history after Nissan Leaf.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display