2-bit punks' weak 40-bit crypto didn't help Tesla keyless fobs one bit

Eggheads demo how to clone gizmo, nick flash motor in seconds – flaw now patched


Boffins have sprung the bonnet on the weak crypto used in the keyless entry system in Tesla's Model S car.

Researchers from the Computer Security and Industrial Cryptography (COSIC) group – part of the Department of Electrical Engineering at Belgian university KU Leuven – were able to clone a key fob, open the doors, and drive away the electric sports car.

Essentially, using some software-defined radio kit, it is possible to extract enough information over the air from a nearby victim's wireless fob to create a copy of it – and use this to steal their flash motor. This is done by fooling the legit fob into thinking it is talking to its car, when really it's talking to a Raspberry Pi 3 B+ connected to transceiver equipment and running special software.

The above link has all the technical details, if you're interested. It takes a couple of seconds to break the cryptography.

The problem was reported to Tesla, and resolved in June when the car maker pushed out a software upgrade: this update strengthened the weak encryption that permitted the attack. Last month Tesla added an optional PIN as an additional defence. Below is a video demo'ing the attack.


In a statement, Tesla confirmed the fix, adding the researchers involved had earned an unspecified bug bounty for their efforts:

Due to the growing number of methods that can be used to steal many kinds of cars with passive entry systems, not just Teslas, we've rolled out a number of security enhancements to help our customers decrease the likelihood of unauthorized use of their vehicles.

None of these options would be possible for any traditional automaker – our ability to update software over the air to improve functionality and security is unique.

Based on the research presented by this group, we worked with our supplier to make our key fobs more secure by introducing more robust cryptography for Model S in June 2018. A corresponding software update for all Model S vehicles allows customers with cars built prior to June to switch to the new key fobs if they wish.

In addition, we had already been working on several other over-the-air updates to help protect our customers from thefts – last year we introduced an update that allows all customers to turn off passive entry entirely, and this year we introduced PIN to Drive, which allows customers to set a unique PIN that needs to be entered before their vehicle is driven.

Tesla added it plans to add the security researchers to its Hall of Fame.

It was not a key relay attack (PDF), an established way to hack keyless cars, but rather an exploit of DST40, a 40-bit-key technology shown to be weak 13 years ago by a group including (PDF) ace cryptographer Matthew Green.

"I really feel like doing further research is redundant at this point, since my 2005 papers are apparently still good enough to pwn Tesla," Green noted this week.

The research aimed to probe the resilience of Passive Keyless Entry and Start (PKES) systems, which allow drivers to unlock and start their vehicle once a paired key fob is within range – no additional interaction required.

Tesla was used as a proof of concept. However, other automakers rely on keyless entry technology from the same vendor – Pektron – meaning their vehicles potentially could be at risk, too.

"Everybody is making fun of Tesla for using a 40-bit key (and rightly so). But Tesla at least had a mechanism we could report to and fixed the problem once informed. McLaren, Karma, and Triumph use the same system and ignored us," said Tomer Ashur, a member of the research team.

El Reg asked Karma and Triumph Motorcycles to comment on the researcher's criticism. ®

Updated to add

McLaren has been in touch with The Reg to tell us: "Our experts feel the paper is credible and does demonstrate a theoretical vulnerability in our vehicle security systems. As yet, however, the vulnerability as described in the paper has not been proven to affect our vehicles and we know of no McLaren that has been compromised in such a way."
