A group of enthusiasts from the Catholic University of Louvain (Belgium) found a way to crack digital key Tesla Model S remotely. The hacking takes no more than two seconds. About how to do it, researchers told a conference of Cryptographic Hardware and Embedded Systems, held on Monday in Amsterdam, reports Motherboard.
Experts say that in theory, the same hacking can be done not only with the digital keys Tesla, and in General to any wireless digital key, as most such systems (especially entry-level) work in the same way: as soon as the key is pressed, the device transmits an encrypted signal to open the car doors and allows it to run.
Tesla uses a digital key production company Pektron, which in turn uses a relatively simple encryption system for locks. Thanks to the perseverance and patience of the enthusiasts collected a summary table of the possible combinations of code to unlock a total volume of 6 terabytes (the number of keys in it was 2^16).
In addition to the set of possible keys, the hacker will need a digital radio transmitter Yard Stick One and Proxmark and compact computer Raspberry Pi – the total cost of components is around $ 600.
How it works, you can see in the video below.
A vulnerability in the encryption system, a group of researchers reported in Tesla in 2017. The company has paid them a $ 10,000 reward, but patched the vulnerability in June 2018.
Such slowness the company explained the following:
“Because of the growth in the number of new methods to commit theft of many cars with passive Keyless entry (not just Tesla), we have released several software security updates that are designed to reduce the likelihood of unauthorized access to cars. In addition, after reviewing the results of studies provided by this group, we turned to your supplier with the issue of increasing the cryptographic security of our digital keys. The appropriate update software, and new digital keys may, if desired, to all owners of Model S cars produced before June of this year.”
About problems with a cryptographic protection system Tesla announced in July, advising owners of the electric vehicle disable “passive access”. In addition, the company last month added to the protection system the need for entering a PIN, which in theory also should reduce the risk of the use of the car by an unauthorised person even if the digital copy of the key. However, customers must first activate an additional function.
To discuss the news in our Telegram chat.
Hack 2 seconds: digital protection Tesla could not resist the hackers
Nikolai Khizhnyak