September 11, 2018 at
Just when you think you have bought a secure Tesla S model car, researchers say you should wake up from your fantasy. Yes, in terms of innovation, security, and comfort, ordinarily, we would want to give it to Tesla. But hackers seem to have proven all these wrong by hacking Tesla S key fob.
Among other things, the Tesla brand is renowned for its studded features, security, and exotic innovations. The driving experience is top-notched as features have been comprehensively digitized. Despite all these, hackers seem to have broken through the Tesla S defense line.
Just with a set of equipment valued at $600, the Tesla S model’s key fob can now be hacked. This has been demonstrated by Belgium researchers at KU Leuven University.
According to a report by Wired, the operating principle of the radio equipment is based on basic computing logic. This allows it to clone in less than 3 seconds the key fob of Tesla Model S. Consequently, anyone can gain access to the car and steal it.
In fact, the researchers boasted that cloning the key fobs is becoming easier for them with each passing day. In just 2 seconds, they claim to be able to impersonate the fob and open the vehicle effortlessly.
Tesla Key Fobs
Tesla key fobs are similar to those of the keyless entry systems. It sends a code encrypted and sealed by a key that is cryptographic. It is this signal that the radio in the car recognizes to open the door and start the engine. The researchers discovered that the encryption used by the key fobs is a 4-bit cipher. This has been shown to be weak and easy to hack.
The researchers were able to use reverse engineering to clone the fob. They equally made use of a unique hardware key consisting of one Yard Stick One Radio, one Proxmark radio, one Raspberry Pi minicomputer, a few batteries as well as a list of likely entry keys
Here Is The Hacking Process
In order to carry out the hacking, researchers used Proxmark radio to tap the target’s radio I’d. Upon tapping the signal, it continues to be broadcast every time. This makes it pretty simple to tap it when next it is needed.
After this first process, researchers extracted the radio present in not more than 3 meters radius of the Tesla S model of the target. This signal is what is naturally used by the car to send and receive codes.
The researchers then take this signal and pass it through their already-prepared database of possible combinations. This database is 6 terabyte in volume. The right combination is picked from this search and researchers are able to open the car. Once the car is opened, it is easy to start the engine without anyone knowing.
A video of this process is available here:
Tesla Rewards Researchers and Releases Updates
When this crack was revealed to Tesla, it promptly rewarded the researchers that discovered it. Furthermore, Tesla did not waste time in asking for a company owned by Elon Musk to come up with an update to block the loophole.
This update had since been released and it uses two-factor authentication. The update requires that drivers add certain codes on their car dashboard before the engine can start.
Nevertheless, any Tesla S model released prior to June this year may still be prone to this kind of hacking. That is because the security upgrade reported above is only for the Tesla S model sold after June. Owners of these cars may, therefore, have to take extra care to ensure their security.