Kyle Hyatt, CNET

SAN FRANCISCO (CNET) — The Tesla Model S is a high-tech car. Its ability to see the world around it and communicate with Tesla HQ would make it more vulnerable than many other less sophisticated cars to the machinations of hackers.

To combat this, Tesla has doubled down on security and admirably, has done a great job of keeping hackers out, except for this one little, kind of low-tech thing: the key fob.

gettyimages 940234674 Tesla Model S Key Fobs Vulnerable To Hackers

A Model S sits on the showroom floor at a Tesla dealership on March 30, 2018, in Chicago, Illinois. (Getty Images)

It turns out that despite all of Tesla’s code checking and security updating, it’s super easy to clone a Model S key and drive away with the car, according to researchers from KU Leuven university in Belgium. It takes just a few seconds and would make Nic Cage weep with pride. The researchers will publish a paper on their methods in the near future.

The hardware required to clone the key only costs a few hundred dollars and allows the hacker to snag the key fob’s encrypted signal out of the air and decode it faster than you can say “Tesla Model S security vulnerability.”

The fobs were built by a company called Pekton which allegedly only used a relatively unsophisticated 40-bit encryption protocol to protect them.

“Today it’s very easy for us to clone these key fobs in a matter of seconds,” says Lennert Wouters, a researcher at KU Leuven in a statement to Wired. “We can completely impersonate the key fob and open and drive the vehicle.”

Tesla paid the researchers at the university a $10,000 bounty for finding the vulnerability and then went about fixing the issue.

RELATED: Tesla Recalls 123K Model S Sedans For Power Steering Problem

“Due to the growing number of methods that can be used to steal many kinds of cars with passive entry systems, not just Teslas, we’ve rolled out a number of security enhancements to help our customers decrease the likelihood of unauthorized use of their vehicles,” said a Tesla representative in a statement to Roadshow. “Based on the research presented by this group, we worked with our supplier to make our key fobs more secure by introducing more robust cryptography for Model S in June 2018.”

A separate software update issued by Tesla allows owners of cars bought before June 2018 to update to the newer, more secure key fob. For those owners who choose not to upgrade their fob, Tesla updated its software last year to allow users to disable passive entry entirely. In addition, all Model S owners can enable the PIN to Drive feature which was rolled out earlier this year.

We also received notice that Tesla would be adding the KU Leuven researchers to its Hall of Fame for their work in finding this security vulnerability.

Comments

Leave a Reply

Please log in using one of these methods to post your comment:

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s