Digital Protection of Tesla could not Resist Hackers
A group of enthusiasts from the Catholic University of Leuven (Belgium) discovered a way to crack the Tesla Model S digital key in a remote way. In this case, hacking takes no more than two seconds. The researchers told about how to do this at the Cryptographic Hardware and Embedded Systems conference, which was held in Amsterdam on Monday, the Motherboard portal reported.
Experts say that in theory, the same hacking can be done not only with Tesla digital keys, but in general with any wireless digital key, since most such systems (especially the entry level) work almost the same: as soon as the button is pressed on the key, the device transmits the encrypted signal to open the car doors and allows it to run.
Tesla uses Pektron’s digital keys, which in turn uses a relatively simple encryption system for locks.
In addition to the set of possible keys, the hacker will need digital radio transmitters Yard Stick One and Proxmark, as well as a compact computer Raspberry Pi – the total cost of components is about 600 dollars.
How it works, you can see in the video below.
About the vulnerability in the encryption system, a group of researchers reported in Tesla as early as 2017. The company paid them $ 10,000 in compensation, but corrected the vulnerability only in June 2018.
Such slowness was explained by the company as follows:
“Due to the growing number of new methods that allow the hijacking of many cars with passive keyless access systems (not just Tesla’s), we have released several software security updates designed to reduce the likelihood of unauthorized access to cars. In addition, after studying the results of the study provided by this group, we turned to our supplier with the question of increasing the cryptographic protection of our digital keys. The corresponding software update, as well as new digital keys, if desired, get all the owners of Model S cars released before June of this year. ”
About problems with the cryptographic protection system Tesla reported in July, recommending the owners of the electric car to disable the function of “passive access“. In addition, the company last month added to the security system the need to enter the PIN code, which in theory should also reduce the risk of using the car by an unauthorized person even if the digital key is copied. However, the company’s customers must first activate the additional function.