"Wired" article about key fob cloning

[.jg.]

I found the video fairly scary and an incentive to use the new "Enter PIN to Drive" feature.
The vulnerabililty seems to be with the keyless entry systems of Teslas sold before June 2018 (and in other makes of car and motorcycles using simliar keyless entry systems).

HACKERS CAN STEAL A TESLA MODEL S IN SECONDS BY CLONING ITS KEY FOB

COSIC researchers hack Tesla Model S key fob

 

[DOCAL]

Ugh, a 40 bit key. What were Pektron thinking.
I hope Tesla makes newer key fobs available at a reasonable price for those that want them.

20 years ago the EFF demonstrated the danger of short keys with its 56bit DES cracker. The danger was known about long before that of course, but the EFF showed how cheaply you could do it.

 

[mongo]

40 bits and no salt?
Why????
Is the car also not using a rolling code to generate the challenges?

We were using better stuff in the 90's (and you could optimize it to real time calculation).

 

[brkaus]

Is there any word on the cost of replacement key fobs and the process to swap them out?

 

[CUBldr97]

the sky is falling... no not really... as the article points out... it took 9 months to crack..

PIN to drive, and disable passive entry... problem solved.

 

[DOCAL]

the sky is falling... no not really... as the article points out... it took 9 months to crack..

PIN to drive, and disable passive entry... problem solved.

It took 9 months to figure out how to do it and build the rainbow table. However, with that info any car can be cracked in seconds.

The sky certainly isn't falling right now, but devices for relay attacks have been available on the blackmarket for years, I'd be very much surprised if people aren't already looking to make and sell devices for this attack too.

I don't think passive entry will help here - they can figure out the fob secret key, so can send the button press signal. PIN to drive certainly will help though.

 

[.jg.]

the sky is falling... no not really... as the article points out... it took 9 months to crack..

It was 9 months to reverse engineer the keyless system and the technique of cloning a fob. But now the researchers (and the world) know that there is only a 40-bit cipher to break - and that only takes a few seconds, as shown in the video.

PIN to drive, and disable passive entry... problem solved.

Sure - but people need to understand why they should disable passive entry and use a PIN.

 

[Randomguyyy]

Has anyone successfully upgraded their key fob to the post-June 2018 version at a service center?

Was there a charge or was it complimentary?

 

[TJtv]

I don't think passive entry will help here - they can figure out the fob secret key, so can send the button press signal. PIN to drive certainly will help though.

Agree that passive entry really doesn’t protect anything. Also if they can send the button press signal they could also send the signal to pop the trunk or open the falcon doors on model x. Would not be fun to return to your car with all the doors open, even if PIN prevents them from driving it.

 

[brkaus]

...or open the falcon doors on model x.

My understanding is this is a risk on the Model S only.

 

[Ken7]

Since when do we have the option of a PIN? I must have missed that.

 

[born2run]

Since when do we have the option of a PIN? I must have missed that.

Latest software update enables it.

 

[roblab]

And one more thing: You can watch the stolen car on your phone. And tell the cops where it is. I don't recall hearing that the fob turns off the phone app.

 

[brkaus]

Has anyone successfully upgraded their key fob to the post-June 2018 version at a service center?

Was there a charge or was it complimentary?

I don’t expect it will be complimentary.

 

[DOCAL]

And one more thing: You can watch the stolen car on your phone. And tell the cops where it is. I don't recall hearing that the fob turns off the phone app.

Once someone is in the car they can just disable mobile access from the screen.

 

[Zaxxon]

Cross-posted from another thread where I just commented...

It's not great, but:
1) it's harder to pull off than the headline would have you believe (attacker needs to be within fob range of a target car, and then get within 3 feet of that car's fob. Then they can compute the future codes in seconds, on their computer with several-terabyte hard drive.
2) Tesla has already done a lot to address it, via upgraded fobs on vehicles since June, and PIN to drive and software update allowing fixed fobs to be added to vulnerable older Model S vehicles. What have the other impacted manufacturers done? (Signal-blocking pouches. I am not joking.)
3) "Starts the engine?" Come on, Wired. You're better than that...

 

[tranzndance]

PIN to change sensitive settings, like disabling remote access, would be great.

 

[eye.surgeon]

In a world where not a single Tesla vehicle has been stolen using this technique, excuse me if I don't get alarmed. Newsflash, I can steal your car key in any number of ways without having james bond level technology to dupe the signal.

 

[.jg.]

And one more thing: You can watch the stolen car on your phone. And tell the cops where it is. I don't recall hearing that the fob turns off the phone app.

Where Teslas have successfully been stolen in Europe (probably using relay attacks), the cars have been disconnected from mothership.tesla.com at about the same time they were stolen, so the thieves have probably used jammers to block cellular and wireless signals. After that, they have probably taken the cars apart, disabling any tracking.

 

[ramonneke]

Exactly, if they have the hardware to copy the keyfob, they probalby have also a GSM/GPS jammer.