New cryptographic vulnerability in Tesla Model S key fob’s encryption allows hackers to clone the key and steal the car without touching the owners key.
Lennert Wouters, a security researcher from Belgian university KU Leuven and, his team revealed a new technique to bypass the Model S key fob’s encryption in Cryptographic Hardware and Embedded Systems conference in Atlanta.
A year ago, the Same researcher found the critical vulnerabilities in Telsa car let hackers break the Model S’s keyless entry system to unlock the car.
Soon after Tesla fixed the flaw and created a new version of its key fob but now the spotted another flaw that affected the new key fob.
Compare to the previous one, the new attack is more limited in its radio range and also take a few more seconds to break the system than the previous one.
Cracking the Encryption Keys
According to Wouters, “The vulnerability resides in the Key fob that manufactured by a firm called Pektron, comes down to a configuration bug that vastly reduces the time necessary to crack its encryption”
In the previous version, the 40-bit encryption key was to used that can be easily cracked by hackers to gain the key access. later, Tesla and Pektron’s upgrade the key strength to 80 bit which is extremely hard to crack.
But the new open the door for hackers to break the 80-bit encryption key by split into two 40 bit key.
According to Wired report, “That shortcut makes finding the key only twice as hard as before. “The new key fob is better than the first one, but with twice the resources, we could still make a copy, basically,”
To execute the attack, Proxmark and Yard Stick One radios and a Raspberry Pi minicomputer can be used to capture the radio signal from a parked Tesla and eventually used to spoof the car communication with the owner’s key fob.
Researcher demonstrates the attack by recording and breaking the encryption on the key fob’s response to derive the fob’s cryptographic key in less than two seconds to unlock the car.
According to the Tesla spokesperson,’ “there is no evidence that the key-cloning technique has been used in any thefts. “While nothing can prevent against all vehicle thefts, Tesla has deployed several security enhancements, such as PIN to Drive, that makes them much less likely to occur,”
Tesla implemented the same fix to key fobs for all new Model S vehicles last month, so anyone who bought a Model S since then doesn’t need to update. Other vehicles like the Model X and Model 3 aren’t affected, Wouters said.
This time Tesla pushing out an over-the-air update to the key fobs via cars’ internet connections instead of replacing hardware.
Lennert Wouters disclosed it in April of this year and Tesla rewarded him $5,000 under bug bounty for reporting this vulnerability.