A significant security vulnerability has emerged involving Tesla’s Model S key fob system, enabling a team of researchers to hack the luxury electric vehicle in under two seconds. Despite Tesla implementing various defensive measures against cyber threats, researchers from the Computer Security and Industrial Cryptography (COSIC) group at KU Leuven University in Belgium found a way to bypass the encrypted controls that govern their vehicles’ key fobs.
The research team utilized approximately $600 worth of radio and computing equipment to intercept signals from a nearby Tesla owner’s key fob, effectively cloning it. This method allowed them to unlock the Model S and drive off without detection, as reported by Wired. Lennert Wouters, one of the researchers, explained that the process is alarmingly simple: “We can completely impersonate the key fob and open and drive the vehicle.”
Tesla’s keyless entry system relies on encrypted codes sent to the vehicle’s radios to unlock the doors and initiate the ignition. However, the KU Leuven researchers discovered that Tesla employs a keyless entry system manufactured by Pektron, which utilizes a vulnerable 40-bit cipher for encryption. To exploit this weakness, the team created a 6-terabyte database of potential key combinations and used various radio devices to capture two critical codes, leading to the quick calculation of the cryptographic key needed for the attack.
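
Why a small key space fails against precomputation, as an added example (not code from the KU Leuven researchers, Pektron or Tesla): a 16-bit toy keyed function stands in for the 40-bit cipher, a table is built once offline, and two observed challenge/response pairs then pin down the key with a handful of evaluations. The function, the sizes, the sample values and the idea of building the table for one fixed challenge are all assumptions made for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

# Toy sizes (assumptions): small enough that the table builds in about a second.
KEY_BITS = 16
RESP_BITS = 12          # response shorter than the key, so one response fits many keys
FIXED_CHALLENGE = b"\x00\x00\x00\x00\x01"   # constructed; the table is built for it


def respond(key: int, challenge: bytes) -> int:
    """Toy fob response: a keyed function truncated to RESP_BITS (not the real cipher)."""
    digest = hmac.new(key.to_bytes(2, "big"), challenge, hashlib.sha256).digest()
    return int.from_bytes(digest[:2], "big") >> (16 - RESP_BITS)


def build_table(challenge: bytes = FIXED_CHALLENGE) -> dict:
    """One-time offline cost: map each response to every key that produces it."""
    table = defaultdict(list)
    for key in range(1 << KEY_BITS):
        table[respond(key, challenge)].append(key)
    return table


def recover_key(table: dict, pair1: tuple, pair2: tuple) -> tuple:
    """Return (surviving keys, online cipher evaluations) from two observed pairs."""
    (chal1, resp1), (chal2, resp2) = pair1, pair2
    if chal1 != FIXED_CHALLENGE:
        raise ValueError("first pair must answer the challenge the table was built for")
    candidates = table.get(resp1, [])            # lookup, no search
    survivors = [k for k in candidates if respond(k, chal2) == resp2]
    return survivors, len(candidates)


def exhaustive_trials(key_bits: int) -> int:
    """Size of the key space an attacker must cover to build such a table."""
    return 1 << key_bits


if __name__ == "__main__":
    secret = 0xBEEF                               # constructed fob key
    table = build_table()
    other = b"\x12\x34\x56\x78\x9a"               # constructed second challenge
    keys, online = recover_key(table, (FIXED_CHALLENGE, respond(secret, FIXED_CHALLENGE)),
                               (other, respond(secret, other)))
    print(f"recovered {[hex(k) for k in keys]} with {online} online evaluations")
    print(f"128-bit vs 40-bit key space: 2^{(exhaustive_trials(128) // exhaustive_trials(40)).bit_length() - 1} times larger")
```

The first pair alone leaves several candidate keys because the response is shorter than the key; the second pair filters them, which is why two captured codes suffice. Lengthening the key is what puts the table itself out of reach.
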
Following the report of this vulnerability, Tesla upgraded its encryption methods in June 2018 and subsequently introduced an optional PIN code for added security. The researchers disclosed that the attack could execute in just 1.6 seconds, highlighting the critical importance of robust encryption standards in automotive security systems. A video demonstration further illustrates the method’s efficiency and effectiveness.
In light of this exploit, Tesla faced criticism for its use of weak encryption, though the KU Leuven team acknowledged the company’s proactive response to the threat. Other vehicle manufacturers using similar technology, however, were criticized for neglecting security reports from researchers.
Tesla has compensated the KU Leuven team with a $10,000 bounty for their findings, recognizing the significance of quick remediation in the evolving threat landscape. The company’s responsiveness stands in contrast to other automotive manufacturers that have yet to address similar security flaws.
This incident underscores the potential security risks for high-tech vehicles increasingly reliant on keyless entry systems. A comprehensive understanding of the MITRE ATT&CK framework could shed light on the adversarial tactics employed in this attack, particularly focusing on initial access and exploitation of vulnerable encryption protocols. As the automotive sector continues to integrate advanced technology, a robust cybersecurity posture becomes indispensable for safeguarding against emerging threats.