KU Leuven researchers once again hack a Tesla Model S key fob

29/08/2019

Owners of one Tesla model should maybe stop relying on just their key fob to unlock their car. Researchers at Belgium university KU Leuven have reported that they've again successfully bypassed the keyless entry system of a Tesla Model S.

The team first announced their ability to unlock a Model S with a cloned key fob last September. But, on Tuesday, the university's Lennert Wouters presented evidence that they had managed to exploit a bug that bypassed Tesla's patch of that initial weakness, again allowing access to a locked Model S.

According to Wouters, it's a configuration bug in the encryption of the key fob, which is produced by electronics company Pektron, that would allow a hacker to crack the code by breaking only a little bit more sweat than previously required.

Tesla told Wired that there's no evidence that anyone has successfully used this hack to steal a Model S (the hack doesn't affect other models since they use different key fobs). The company has already rolled out an easy-to-implement software update that fixes the issue and wirelessly updates the key fob in just a few minutes.

Additionally, Tesla's PIN-code-to-drive feature, once enabled by the driver, can prevent this sort of theft from occurring by allowing the driver to set a four-digit code that must be entered before the car can be driven.

It's not the first time a Tesla has been at the center of fob vulnerabilities. A video that circulated in the fall of 2018 purports to show a thief using a relay attack to steal a Model S. As we reported then, the thieves amplified "the signal from the car owner's key fob (located inside his home) in order to trick the vehicle into thinking the fob was present."

And yet another video claiming to show a similar relay attack theft was shared by Business Insider earlier this month.

To be fair, as Jalopnik notes, this sort of relay attack isn't unique to Tesla; it's a vulnerability that affects just about any car that utilizes a key fob. Our own Jack Morse showed you how to protect your car from such a relay attack back in 2017.

Tesla's popularity and name-recognition just brings more attention even as the Model S is one of the least-stolen cars, according to one study. Disabling Tesla's "passive entry" feature should prevent such a relay attack and its Sentry Mode offers another layer of security.

And, like the other theft attempts, these can be prevented by the added protection layer that comes with the PIN-to-drive feature which you should definitely enable, lest you allow your really, really expensive new ride to fall prey to some wily thieves.

Source: Mashable

Partners