Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tesla's Keyless Entry Vulnerable To Spoofing Attack, Researchers Find (theverge.com)

Posted by BeauHD on from the if-there's-a-will-there's-a-way dept.

An anonymous reader quotes a report from The Verge: Researchers at KU Leuven have figured out a way to spoof Tesla's key fob system, as first reported by Wired. The result would let an attacker steal a Tesla simply by walking past the owner and cloning his key. The attack is particularly significant because Tesla pioneered the keyless entry concept, which has since spread to most luxury cars. This particular attack seems to have only worked on Model S units shipped before June, and in an update last week, Tesla pushed out an update that strengthened the encryption for the remaining vehicles. More importantly, the company added the option to require a PIN password before the car will start, effectively adding two-factor to your car. Tesla owners can add the PIN by disabling Passive Entry in the "Doors & Locks" section of "Settings."

The attack itself is fairly involved. Because of the back-and-forth protocol, attackers would first have to sniff out the car's Radio ID (broadcast from the car at all times), then relay that ID broadcast to a victim's key fob and listen for the response, typically from within three feet of the fob. If they can do that back-and-forth twice, the research team found they can work back to the secret key powering the fob's responses, letting them unlock the car and start the engine.

2 of 100 comments (clear)

  1. Pioneered what? by Anonymous Coward · · Score: 5, Informative

    "The attack is particularly significant because Tesla pioneered the keyless entry concept, which has since spread to most luxury cars. "

    What kind of propaganda bullshit is this?

    Le'ts see what Wikipedia says:

    The remote keyless systems using a handheld transmitter first began appearing on the French made Renault Fuego in 1982,[2] and as an option on several American Motors vehicles in 1983, including the Renault Alliance. The feature gained its first widespread availability in the U.S. on several General Motors vehicles in 1989.[citation needed]

    https://en.wikipedia.org/wiki/...

    Stop drinking the Flavoraid*.

    *Historically accurate if you look it up.

  2. Re:If only this worked with all keyless entry syst by AmiMoJo · · Score: 5, Informative

    No it doesn't. The problem here is not just that you can unlock the car, it's that you can recover the secret key and make a duplicate key. Then you can start and drive the car all you like, access it whenever you want rather then just once.

    Not sure what this claim about Tesla pioneering keyless entry in the summary is either. Lots of cars had it long before Tesla came along.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC