Slashdot Mirror


Tesla's Keyless Entry Vulnerable To Spoofing Attack, Researchers Find (theverge.com)

An anonymous reader quotes a report from The Verge: Researchers at KU Leuven have figured out a way to spoof Tesla's key fob system, as first reported by Wired. The result would let an attacker steal a Tesla simply by walking past the owner and cloning his key. The attack is particularly significant because Tesla pioneered the keyless entry concept, which has since spread to most luxury cars. This particular attack seems to have only worked on Model S units shipped before June, and in an update last week, Tesla pushed out an update that strengthened the encryption for the remaining vehicles. More importantly, the company added the option to require a PIN password before the car will start, effectively adding two-factor to your car. Tesla owners can add the PIN by disabling Passive Entry in the "Doors & Locks" section of "Settings."

The attack itself is fairly involved. Because of the back-and-forth protocol, attackers would first have to sniff out the car's Radio ID (broadcast from the car at all times), then relay that ID broadcast to a victim's key fob and listen for the response, typically from within three feet of the fob. If they can do that back-and-forth twice, the research team found they can work back to the secret key powering the fob's responses, letting them unlock the car and start the engine.

14 of 100 comments

  1. Pioneered what? by Anonymous Coward · · Score: 5, Informative

    "The attack is particularly significant because Tesla pioneered the keyless entry concept, which has since spread to most luxury cars. "

    What kind of propaganda bullshit is this?

    Let's see what Wikipedia says:

    The remote keyless systems using a handheld transmitter first began appearing on the French made Renault Fuego in 1982,[2] and as an option on several American Motors vehicles in 1983, including the Renault Alliance. The feature gained its first widespread availability in the U.S. on several General Motors vehicles in 1989.[citation needed]

    https://en.wikipedia.org/wiki/...

    Stop drinking the Flavoraid*.

    *Historically accurate if you look it up.

    1. Re:Pioneered what? by divide+overflow · · Score: 2
      Apparently Tesla keyless driving is a bit different from what you're referencing:

      TESLA KEYLESS DRIVING

      Keyless Driving is a feature that allows one to power up and drive the Model S without using the factory key fob. In fact the key fob doesn’t even need to be in possession as all you need is a smart phone (with Tesla Model S app installed) and connectivity to the internet.

    2. Re:Pioneered what? by divide+overflow · · Score: 2

      Whatever. Give your horse a carrot, grumpy.

    3. Re:Pioneered what? by divide+overflow · · Score: 2

      So to drive your car you just need:

      1. Your smart phone (with enough battery to last your trip) and 2. Connectivity to the internet.

      Nope, can't see any problem there.

      Or...wait for it...use the fob. What? Too many choices?

  2. Re:Pedant mode ON by divide+overflow · · Score: 2

    engine
    enjn
    noun
    1. A machine with moving parts that converts power into motion.
    synonyms: motor, machine, mechanism

  3. If you can do a walk-by clone... by gweihir · · Score: 3, Insightful

    ...then these people really, really, really screwed up. Like absolutely clueless about security. Unfortunately, that seems to be the standard with most EEs doing security these days.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  4. If only this worked with all keyless entry systems by WillAffleckUW · · Score: 4, Insightful

    Oh.

    Wait.

    It does.

    --
    -- Tigger warning: This post may contain tiggers! --
  5. Tesla pioneered the keyless entry concept, by JustNiz · · Score: 2

    No, they really didn't.
    Keyless Entry / Go was introduced first by Mercedes-Benz in the S-Class car series in 1998. It was being pretty widely used in quite a few luxury brands before 2003 when Tesla was founded.

    1. Re: Tesla pioneered the keyless entry concept, by jrumney · · Score: 2

      That was push button keyfobs. I'm pretty sure the GP, and TFA are talking about the keyfobs that transmit without any button needing to be pressed, so you don't even need to remove them from your pocket or bag. I remember them being advertised as a feature on quite ordinary cars in the mid 2000s, so 1998 Mercedes S class sounds plausible for a first appearance. Certainly they were around before Tesla had sold any cars.

  6. Re:In house crypto by im_thatoneguy · · Score: 3, Insightful

    Wasn't in-house Tesla. Looks like they used an off-the-shelf solution which is vulnerable in several manufacturers' vehicles. But "Tesla" pushes clicks more than "Mercedes keyless entry..."

  7. Re:Who pioneered keyless entry? by scdeimos · · Score: 2

    Renault had RKES on their Fuego in the 1980's.

  8. Re:If only this worked with all keyless entry syst by AmiMoJo · · Score: 5, Informative

    No it doesn't. The problem here is not just that you can unlock the car, it's that you can recover the secret key and make a duplicate key. Then you can start and drive the car all you like, access it whenever you want rather than just once.

    Not sure what this claim about Tesla pioneering keyless entry in the summary is either. Lots of cars had it long before Tesla came along.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  9. Re:The Horror! by michelcolman · · Score: 2

    You are right that keyless entry without requiring any button press is a bad idea. I don't understand the added value, why is it so hard to just put your hand into your pocket, feel for the fob, and press the button? Why does anyone want their car to automatically unlock as they are passing by? When you're standing next to your car, anyone can just open your door right away! I want my car to unlock when I tell it to unlock, not whenever I happen to be nearby.

    But if I'm not mistaken, that's an option in the Tesla settings menu anyway. So anyone with common sense can just set it to require a fob button press.

  10. "Starting" an EV vehicle ; clutch by DrYak · · Score: 2

    "Starting" an EV is actually bringing all the systems up, waking up the onboard computers, usually performing some self diagnostics (mostly of the lithium battery), re-engaging some systems (in several cars, reportedly in Teslas too, the lithium battery can be shut off for safety and isolation, the computer runs out of secondary lead battery) (The power inverter running the motor is similarly shut off in most cars), and unlocking a few things (steering lock).
    It's closer to what your laptop performs when brought out of suspend mode, than what an ICE does when starting.

    i.e.: "Starting" is making the car ready to drive.

    But unlike an ICE vehicle, the motor doesn't start to purr constantly. The electrical motor will only start turning if you press the accelerator pedal.

    Though it's extremely fast on most cars (a couple of seconds of self-diagnostic), some manufacturers like Tesla might already do so as you approach the car, so you can simply enter and hit the accelerator.

    Also regarding the question about clutch, there's no physical clutch in an EV: the motor is connected to the differential with a fixed ratio.

    On most cars, there's still a "gear selector"-like lever with Reverse/Neutral/Forward position similar to automatic cars.
    But this actually isn't controlling any physical device, it's electronically defining the behavior of the vehicle.
    (e.g.: which direction the motors spins when the accelerator pedal is pushed).

    Also, because electric motors only use a fixed gear ratio and go in reverse by spinning the motor the other way around, it means that nothing will physically limit the speed of the car in *reverse*: the motor could spin as fast forward as backward.
    (Unlike an ICE, where the motor constantly spins in a single direction, and only has 1 single gear going in reverse. You can't shift to a "2nd gear reverse" to go any faster, unlike when going forward with 5 or 6 gears).

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]