Tesla's Keyless Entry Vulnerable To Spoofing Attack, Researchers Find

An anonymous reader quotes a report from The Verge: Researchers at KU Leuven have figured out a way to spoof Tesla's key fob system, as first reported by Wired. The result would let an attacker steal a Tesla simply by walking past the owner and cloning his key. The attack is particularly significant because Tesla pioneered the keyless entry concept, which has since spread to most luxury cars. This particular attack seems to have only worked on Model S units shipped before June, and in an update last week, Tesla pushed out an update that strengthened the encryption for the remaining vehicles. More importantly, the company added the option to require a PIN password before the car will start, effectively adding two-factor to your car. Tesla owners can add the PIN by disabling Passive Entry in the "Doors & Locks" section of "Settings."

The attack itself is fairly involved. Because of the back-and-forth protocol, attackers would first have to sniff out the car's Radio ID (broadcast from the car at all times), then relay that ID broadcast to a victim's key fob and listen for the response, typically from within three feet of the fob. If they can do that back-and-forth twice, the research team found they can work back to the secret key powering the fob's responses, letting them unlock the car and start the engine.

If you can do a walk-by clone...

[gweihir]

...then these people really, really, really screwed up. Like absolutely clueless about security. Unfortunately, that seems to be the standard with most EEs doing security these day.

If only this worked with all keyless entry systems

[WillAffleckUW]

Oh.

Wait.

It does.

Re:In house crypto

[im_thatoneguy]

Wasn't in-house Tesla. Looks like they used an off-the-shelf solution which is vulnerable in several manufacturer's vehicles. But "Tesla" pushes clicks more than "Mercedes keyless entry..."