Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security Transportation Wireless Networking

Tesla's Keyless Entry Vulnerable To Spoofing Attack, Researchers Find (theverge.com) 100

An anonymous reader quotes a report from The Verge: Researchers at KU Leuven have figured out a way to spoof Tesla's key fob system, as first reported by Wired. The result would let an attacker steal a Tesla simply by walking past the owner and cloning his key. The attack is particularly significant because Tesla pioneered the keyless entry concept, which has since spread to most luxury cars. This particular attack seems to have only worked on Model S units shipped before June, and in an update last week, Tesla pushed out an update that strengthened the encryption for the remaining vehicles. More importantly, the company added the option to require a PIN password before the car will start, effectively adding two-factor to your car. Tesla owners can add the PIN by disabling Passive Entry in the "Doors & Locks" section of "Settings."

The attack itself is fairly involved. Because of the back-and-forth protocol, attackers would first have to sniff out the car's Radio ID (broadcast from the car at all times), then relay that ID broadcast to a victim's key fob and listen for the response, typically from within three feet of the fob. If they can do that back-and-forth twice, the research team found they can work back to the secret key powering the fob's responses, letting them unlock the car and start the engine.

This discussion has been archived. No new comments can be posted.

Tesla's Keyless Entry Vulnerable To Spoofing Attack, Researchers Find

Comments Filter:
  • Omigod, time to short TSLA! :)
  • by Anonymous Coward

    The first time I saw keyless entry it was on my 2005 Toyota Prius (still rolling, 108K miles thank you very much).

  • Pioneered what? (Score:5, Informative)

    by Anonymous Coward on Monday September 10, 2018 @06:31PM (#57287394)

    "The attack is particularly significant because Tesla pioneered the keyless entry concept, which has since spread to most luxury cars. "

    What kind of propaganda bullshit is this?

    Le'ts see what Wikipedia says:

    The remote keyless systems using a handheld transmitter first began appearing on the French made Renault Fuego in 1982,[2] and as an option on several American Motors vehicles in 1983, including the Renault Alliance. The feature gained its first widespread availability in the U.S. on several General Motors vehicles in 1989.[citation needed]

    https://en.wikipedia.org/wiki/... [wikipedia.org]

    Stop drinking the Flavoraid*.

    *Historically accurate if you look it up.

    • Apparently Tesla keyless driving is a bit different from what you're referencing:

      TESLA KEYLESS DRIVING

      Keyless Driving is a feature that allows one to power up and drive the Model S without using the factory key fob. In fact the key fob doesn’t even need to be in possession as all you need is a smart phone (with Tesla Model S app installed) and connectivity to the internet.

      • TFS mentions "fob" and "key" four times each, and has zero mentions about a phone. If it's about a phone-based system, then it's incredibly poorly written (even for BeauHD). Or it's about the actual fob - not what you surmise, the phone.
        • Article was poorly written. The key fob entry method wasn't a Tesla innovation, the alternative, smartphone-based entry system is. According to TFA the problem was only with the fob, specifically the weak encryption used in the Pektron chip used in Tesla's key fob.
      • Re: (Score:2, Funny)

        by Trogre ( 513942 )

        So to drive your car you just need:

        1. Your smart phone (with enough battery to last your trip) and
        2. Connectivity to the internet.

        Nope, can't see any problem there.

        • So to drive your car you just need:

          1. Your smart phone (with enough battery to last your trip) and 2. Connectivity to the internet.

          Nope, can't see any problem there.

          Or...wait for it...use the fob. What? Too many choices?

        • 1. Your smart phone (with enough battery to last your trip)

          No, only enough to start the car. Better not stop it and get out anywhere along the route, though. Of course, once the car is started, you can charge your phone from one of the car's USB outlets.

          2. Connectivity to the internet.

          I don't think that this is correct. I think you only need bluetooth.

          • by ai4px ( 1244212 )

            The Tesla Model S uses the cell network to unlock the car. When you get out of the driver's seat, the car shuts off. It is entirely possible to get stranded if you exit the vehicle in a cell phone dead zone.... if you don't have a key fob. And yes, I own a model S.

        • And hope that the app doesn't log you out so you get stranded. That happened to an actual Model 3 owner, they phoned up Tesla support, who told them to find someone to pick them up.

      • by AmiMoJo ( 196126 )

        They have a Bluetooth based system too, but it's still in beta and doesn't work with a lot of phones.

      • Apparently Tesla keyless driving is a bit different from what you're referencing:

        And as pointed by others in this thread, not the keyless system that was affected by the current vulnerability.

        The vulnerability affects the classical fob-based keyless system, that has been available for ages from countless others manufacturer.

        Thus the parent is right (and the summary is wrong), Tesla hasn't been the one pioneering the affected keyless system.

    • Stop drinking the Flavoraid*.

      *Historically accurate if you look it up.

      Apparently, open packages of both Kool-Aid and Flavor Aid were found at the scene of the Jonestown Massacre, though more of the latter than the former.

      (I once heard a couple minutes of a tape of one of Jim Jones' rants-on-the-Jonestown-PA-system. It sounded like a sermon straight out of Heinlein's _Stranger in a Strange Land_. Creepy.)

    • by stooo ( 2202012 )

      Renault introduced it. The system was made by Siemens.
      Tesla did not invent keyless entry and start.

  • "letting them unlock the car and start the engine"

    Since when do EVs have "engines". I thought they had electric motors.

    • engine
      enjn
      noun
      1. A machine with moving parts that converts power into motion.
      synonyms: motor, machine, mechanism
      • Unless that car has a neutral gear starting the "engine" without you being inside is a bad idea.

        • You are kidding, right?
          • by dAzED1 ( 33635 )
            if you're going to go the route of saying an engine is something that converts power to motion, then it would be dumb to do that without the person in the car. An EV doesn't "idle" - there simply isn't power applied to the /motors/ yet. IE, it's not creating any "motion," even if you want to pretend it has a neutral in the way ICE cars do.
      • The "motor" versus "engine" debate.

        steam engine and NOT steam motor
        rocket engine and rocket motor
        NOT electric engine and electric motor
        NOT starter engine and starter motor

        In other words, "engine" and "motor" have overlapping spheres of influence but the 2 terms are not fully inter-changeable due to their historical usage.

        One reason why the term "electric engine" is coming into usage is because people know a car has an engine so logically in their mind, the device generating propulsion in an electric car is

    • Being pedantic, I have corrected the subject.

      Pedant refers to a person that is pedantic. So your subject was meaning enable the pedantic mode of the person.

  • by gweihir ( 88907 ) on Monday September 10, 2018 @06:53PM (#57287512)

    ...then these people really, really, really screwed up. Like absolutely clueless about security. Unfortunately, that seems to be the standard with most EEs doing security these day.

    • by AmiMoJo ( 196126 )

      Looking at the pin code entry it seems that the order of the buttons isn't randomised, so the pin code will be easy to steal just by looking at the fingerprint smudges on the screen.

      • by gweihir ( 88907 )

        A very old, very well-known attack. Thermal imaging has also been uses on ATMs for this, although the timing is more practical there.

  • by WillAffleckUW ( 858324 ) on Monday September 10, 2018 @07:00PM (#57287538) Homepage Journal

    Oh.

    Wait.

    It does.

    • This one doesn't work for all cars. Most cars would require you to get the FOB and push a button and relay that to the car, then a separate vulnerability to replicate the key action as well. As their is no information transmitted without physical action by the owner, it isn't at all the same. The Tesla FOB automatically unlocks with proximity, and requires no KEY to then drive off at that point.

      The Tesla system (used by a couple other luxary cars as well) just requires the hackers to be close to the car for

    • by AmiMoJo ( 196126 ) on Tuesday September 11, 2018 @02:25AM (#57288692) Homepage Journal

      No it doesn't. The problem here is not just that you can unlock the car, it's that you can recover the secret key and make a duplicate key. Then you can start and drive the car all you like, access it whenever you want rather then just once.

      Not sure what this claim about Tesla pioneering keyless entry in the summary is either. Lots of cars had it long before Tesla came along.

    • Wait.

      No.

      It does not.

      All these systems have cryptographic exchanges. Just because one specific imlimentation of it contained a flaw that allows an attacker to gain a access to the secret key doesn't mean that all systems have the same flaw. Unless you're implying in an industry where everyone reinvents everything and designs everything custom to themselves suddenly thought it was a great idea to standardise on one code base for keyfobs.

  • by JustNiz ( 692889 ) on Monday September 10, 2018 @07:07PM (#57287564)

    No, they really didn't.
    Keyless Entry / Go was introduced first by Mercedes-Benz in the S-Class car series in 1998. It was being pretty widely used in quite a few luxury brands before 2003 when Tesla was founded.

    • by stooo ( 2202012 )

      Renault introduced it first. The system was developped by Siemens.
      Tesla did not invent keyless entry and start.

  • We regularly have a reminder that it is a bad idea to develop in house crypto. In this situation, it seems that reusing something like Mifare was the way to go.
    • Re:In house crypto (Score:4, Insightful)

      by im_thatoneguy ( 819432 ) on Monday September 10, 2018 @07:48PM (#57287734)

      Wasn't in-house Tesla. Looks like they used an off-the-shelf solution which is vulnerable in several manufacturer's vehicles. But "Tesla" pushes clicks more than "Mercedes keyless entry..."

      • Can somebody tell me why a radio signal detector couldn't unlock the car initially by just range extending it to the parking lot without the owner knowing??

        What happens if while driving the car the key is thrown out of the window? (or the range extender stops?)

    • by stooo ( 2202012 )

      >> We regularly have a reminder that it is a bad idea to develop in house crypto. In this situation, it seems that reusing something like Mifare was the way to go.

      Mifare is closed source proprietary, very weak and very broken.
      That is pretty much worse than in-house crypto, because it's already pre-hacked.

      That is very very bad advice.

      • Mifare is closed source proprietary, very weak and very broken.

        Mifare is a brand which covers a whole range of specific technologies. Only the oldest ones are very weak and very broken. This is like saying "TLS is old and broken", because TLS 1.0 has known vulnerabilities. Yes it does, but that doesn't mean TLS 1.3 isn't quite solid.

        However, Mifare is close-range and wouldn't be convenient for this application.

    • We regularly have a reminder that it is a bad idea to develop in house crypto.

      Always true.

      In this situation, it seems that reusing something like Mifare was the way to go.

      No, Mifare (or ISO 14443 contactless smart card protocols in general) are too short-ranged. You'd have to pretty much tap the key to some part of the car to activate it. That's much less convenient than the "walk up, get in, drive away" process that Tesla and other high-end automakers want to provide.

      It should also be noted that there's another sort of vulnerability that's even harder to prevent: relay attacks. Good crypto will make it impossible to clone the key, but if I can put one transce

      • the process negotiates an ephemeral shared secret between them that can be combined with a pre-shared secret to provide strong authentication that is secure against relay attacks.

        Mifare does exactly that, and if your system is recent enough to support EV1, you have AES128, which is not broken yet.

        The range objection remains, though.

        • the process negotiates an ephemeral shared secret between them that can be combined with a pre-shared secret to provide strong authentication that is secure against relay attacks.

          Mifare does exactly that

          No, Mifare does not support a bounding protocol [wikipedia.org], at all, much less one that negotiates an ephemeral shared secret as a side effect. Mifare is subject to relay attacks. Yes, Mifare -- like most everything else in this space -- does negotiate a session key, but that's not at all the same thing.

  • There've been other keyless access issues with other companies before as well. I remember reading some article about a guy keeping his key fob in an altoid tin or whatever after someone with a range extender of some kind that let them open his car door several days in a row. Apparently it could be used next to his car (parked in the street) and replicate the signal from the fob a decent distance away.

    Now I look forward to this same writer having an article about his fob breaking due to being filled with

  • Nothing of what I can imagine have been invented by or pioneered by Tesla. Keyless entry have been used long before Tesla existed, so?

Time is the most valuable thing a man can spend. -- Theophrastus

Working...