Published on August 27th, 2019 📆 | 7019 Views ⚑0
Hackers Could Steal a Tesla Model S by Cloning Its Key Fob—Again
Two weeks shy of a year ago, researchers revealed a serious flaw in the security of Tesla's vehicles. With little more than some standard radio equipment, they were able to defeat the encryption on a Model S's keyless entry system to wirelessly clone the sedan's key fob in seconds, unlocking a car and driving it away without ever touching the owner's key. In response, Tesla created a new version of its key fob that patched the underlying flaw. But now, those same researchers say they've found yet another vulnerability—one that affects even the new key fobs.
In a talk at the Cryptographic Hardware and Embedded Systems conference in Atlanta today, researcher Lennert Wouters of Belgian university KU Leuven revealed that his team has again found a technique capable of breaking the Model S key fob's encryption. That would allow them to again clone the keys and stealthily steal the car. Wouters notes the new attack is more limited in its radio range than the previous one, takes a few seconds longer to perform, and that the KU Leuven researchers haven't actually carried out the full attack demonstration as they did last year—they've just proven that it's possible. But their analysis was convincing enough that Tesla has acknowledged the possibility of thieves exploiting the technique, rolling out a software fix that will be pushed out over-the-air to Tesla dashboards.
The insecurity of keyless entry systems isn't limited to Tesla.
Wouters says the vulnerability of the key fob, manufactured by a firm called Pektron, comes down to a configuration bug that vastly reduces the time necessary to crack its encryption. Despite Tesla and Pektron's upgrade from easily broken 40-bit encryption in the previous versions to far more secure 80-bit encryption in the newer key fobs—a doubling of the key length that ought to have made cracking the encryption about a trillion times harder—the bug allows hackers to reduce the problem to simply cracking two 40-bit keys. That shortcut makes finding the key only twice as hard as before. "The new key fob is better than the first one, but with twice the resources, we could still make a copy, basically," Wouters says. Pektron did not return a request for comment.
The good news for Tesla owners is that unlike in 2018, the newer attack can be blocked with a software update rather than a hardware replacement. Just before KU Leuven revealed its initial key fob attack last year, Tesla rolled out a feature that allowed drivers to set a PIN code on their cars that must be entered to drive them. But the more complete fix for the attack required both installing a security update pushed to Tesla vehicles and also buying a new key fob.
In this case, Wouters says, Tesla is again pushing a security update to its keyless entry modules. But this one can also reach out wirelessly from those modules to the key fobs, changing their configuration via radio. "I do think the way Tesla fixed it this time is pretty cool," says Wouters. "That's something that I don't think any other car manufacturer has ever done before, or at least not publicly." Tesla implemented the same fix to key fobs for all new Model S vehicles last month, so anyone who bought a Model S since then doesn't need to update. Other vehicles like the Model X and Model 3 aren't affected, Wouters says, since they don't use the same Pektron key fobs.
In a statement to WIRED, a Tesla spokesperson writes that it has seen no evidence that the key-cloning technique has been used in any thefts. "While nothing can prevent against all vehicle thefts, Tesla has deployed several security enhancements, such as PIN to Drive, that makes them much less likely to occur," the statement reads. "We’ve begun to release an over-the-air software update (part of 2019.32) that addresses this researcher’s findings and allows certain Model S owners to update their key fobs inside their car in less than two minutes. We believe that neither of these options would be possible for any other automaker to release to existing owners, given our unique ability to roll out over-the-air updates that improve the functionality and security of our cars and key fobs.”
KU Leuven's original key fob attack on the Model S worked by using a couple of Proxmark and Yard Stick One radios and a Raspberry Pi minicomputer to grab the radio signal from a parked Tesla, and use it to spoof the car's communications to the owner's key fob. Recording and breaking the encryption on the key fob's response, they could derive the fob's cryptographic key in less than two seconds to unlock and drive the car. Watch KU Leuven demonstrate that attack in this video:
The updated attack works essentially the same way, but takes three or four seconds rather than two. It also targets a lower-frequency radio in the key fob, requiring the attacker to get as close as a couple of inches from the victim's key—but bigger antennas and more amplification and power can help mitigate that limitation. "There are always ways to extend the range," Wouters says.
The 2018 attack also required pre-computing a table of many billions of keys based on all the possible codes that might be sent from the key fob. The new attack requires computing two such tables, each of which takes weeks of computation—long enough that Wouters didn't bother to finish creating the second one. Tesla nonetheless rewarded him with a "bug bounty" of $5,000 after he disclosed it in April of this year. Wouters emphasizes that the pre-computation are just preparatory steps that don't slow down the attack itself. "After you’ve done it, the time to get the key is still really fast," Wouters says.
When the key fob cloning attack against Tesla's Model S cars first came to light a year ago, the company emphasized that its vehicles have a GPS tracking feature that stymies thieves. But that feature hasn't stopped a multiple Tesla thefts that used keyless entry hacks, at least two of which have been documented on surveillance video. (Both those thefts appeared to use a simpler "relay" attack that extends the range of the victim's key fob to open and start the car once, rather than the KU Leuven approach that clones the key permanently.) Anyone who fears their car might be targeted with key cloning or relay attacks should consider keeping their keys in a Faraday bag—at least at night, when car thieves tend to operate.
As much as those Tesla thefts draw attention, given the cars' novelty and high price tags, the insecurity of keyless entry systems isn't limited to Tesla, Wouters cautions. Plenty of other cars have been shown to be vulnerable to relay attacks and even the sort of key fob encryption cracking that KU Leuven has demonstrated. Most carmakers buy their keyless entry hardware from third-party suppliers, and not all of them are capable of auditing those components for flaws, or for that matter, pushing security updates over the internet. "There are probably better systems than Tesla's, and there are definitely worse systems," Wouters says. "This is part of the ecosystem of how a car is built."