Researchers from KU Leuven University, Belgium, found that, despite all of Tesla’s code checking and security updates, it’s simple to clone a Model S key fob.
To clone a Tesla S key fob can cost as little as US$600. This gives hackers the opportunity to snag the key fob, as well as decode it within a matter of seconds, at a reasonable price.
The researchers built a database of all digital entry keys that could possibly open a Model S. As a result, they found six terabytes worth of potential keys which were already stored on the device’s hard drive.
The issue was bought to light over Pekton, the creators of the Model S key fobs, using an unsophisticated 40-bit encryption protocol to protect them.
“Today it’s very easy for us to clone these key fobs in a matter of seconds”, says Lennert Wouters, a researcher at KU Leuven in a statement.
“We can completely impersonate the key fob and open and drive the vehicle”.
In response, the car manufacturer rewarded the university researchers with a US$10,000 bounty and released a software update last month which enables two-factor authentication with a PIN code from within the vehicle.
As long as Model S owners update their software and use their new key fobs they should be safe from any types of attacks. Customers who don’t install the new software or use their old key fobs are still vulnerable.
Ironically, in the past, Tesla’s CEO, Elon Musk, stated that preventing a fleet-wide hack is Tesla’s top security priority.
The electric vehicle company also added KU Leuven researchers to its Hall of Fame for their work in finding this security vulnerability.
Written by Leah Alger