A group of enthusiasts from the Catholic Church of LeuvenUniversity (Belgium) discovered a way to crack the Tesla Model S digital key in a remote way. In this case, the hacking itself takes no more than two seconds. About how to do this, the researchers told the conference Cryptographic Hardware and Embedded Systems, held on Monday in Amsterdam, according to the portal Motherboard.
Experts say that in theory, the same hackingIt can be done not only with Tesla digital keys, but generally with any wireless digital key, since most of these systems (especially entry-level) work almost the same: as soon as the key is pressed, the device transmits an encrypted signal to open the car’s doors and allows it to start.
Tesla uses digital production keysPektron, which in turn uses a relatively simple encryption system for locks. Thanks to perseverance and patience, enthusiasts collected a summary table of possible code combinations for unlocking a total of 6 terabytes (the number of keys in it was 2 ^ 16).
In addition to a set of possible keys, the hacker will needdigital radio transmitters Yard Stick One and Proxmark, as well as a compact computer Raspberry Pi - the total cost of the components is about $ 600.
How it works, you can see in the video below.
A group of researchers reported a vulnerability in the encryption system in Tesla back in 2017. The company paid them $ 10,000 in remuneration, but only fixed the vulnerability in June 2018.
The company explained this slowness as follows:
“Due to the growing number of new methods that allowto hijack many cars with passive keyless entry systems (not just Tesla), we have released several software security updates designed to reduce the likelihood of unauthorized access to cars. In addition, after studying the results of the research provided by this group, we turned to our supplier with a question of increasing the cryptographic protection of our digital keys. The corresponding software update, as well as new digital keys, can be obtained, if desired, by all owners of Model S cars produced before June of this year. ”
About problems with cryptographic protection systemTesla reported in July, recommending the owners of the electric vehicle to disable the "passive access" features. In addition, the company added the need to enter a PIN code to the security system last month, which in theory should also reduce the risk of an outsider using the car even if a digital key is being copied. However, the company's customers must first activate the additional function.
You can discuss the news in our Telegram-chat.