A group of enthusiasts from the Catholic University of Leuven (Belgium) discovered a way to crack the Tesla Model S digital key in a remote way. In this case, hacking takes no more than two seconds. The researchers told about how to do this at the Cryptographic Hardware and Embedded Systems conference, which was held in Amsterdam on Monday, the Motherboard portal reported.
Experts say that in theory, the same hacking can be done not only with Tesla digital keys, but in general with any wireless digital key, since most such systems (especially the entry level) work almost the same way: as soon as the button is pressed on the key, the device sends an encrypted signal to open the car doors and allows it to run.
Tesla uses Pektron's digital keys, which in turn uses a relatively simple encryption system for locks. Thanks to perseverance and patience, enthusiasts gathered a summary table of possible code combinations for unlocking a total of 6 terabytes (the number of keys in it was 2 ^ 16).
Besides the set of possible keys, the hacker will need digital radio transmitters Yard Stick One and Proxmark, and also a compact Raspberry computer Pi – the total cost of components is about $ 600.
How this works, you can see in the video below.
A group of researchers reported vulnerability in the encryption system in Tesla as early as 2017. The company paid them $ 10,000 in remuneration, but corrected the vulnerability only in June 2018.
The company explained this slowness by the following:
“Due to the growing number of new methods allowing hijacking of many cars with passive keyless access systems it's not just Tesla), we released several software security updates designed to reduce the likelihood of unauthorized access to cars. In addition, after studying the results of the study provided by this group, we turned to our supplier with the question of increasing the cryptographic protection of our digital keys. The corresponding software update, as well as new digital keys, can be obtained if desired by all owners of the Model S cars released before June of this year. “
Tesla reported problems with the cryptographic protection system in July, recommending the owners of the electric car to disable the” passive access “functions. In addition, the company last month added to the security system the need to enter the PIN code, which in theory should also reduce the risk of using the car by an unauthorized person even if the digital key is copied. However, the company's customers must first activate the additional function.
You can discuss the news in our Telegram-chat.