Tesla Model S Key Fob Hacked in Two Seconds
Researchers from KU Leuven (Catholic University of Leuven) have demonstrated how to hack the key fob of a Tesla Model S electric car in less than two seconds using equipment costing just $600. This attack allows an intruder to unlock the car and drive away. The team presented their findings at the Cryptographic Hardware and Embedded Systems conference and shared details with Wired magazine.
How the Hack Works
The vulnerability lies in the weak cryptography and encryption used in the key fobs supplied with Tesla vehicles. During their experiments, the researchers used a simple set of tools: a Yard Stick One dongle, a Proxmark device, and a Raspberry Pi. The total cost for this setup was only $600.
To lock or unlock the car, Tesla Model S key fobs send an encrypted signal based on a cryptographic key to the carβs radio system. However, the fobs (manufactured by Pektron) use 40-bit encryption for these messages. By modern cryptographic standards, this is considered very weak and can be cracked.
The researchers generated all possible keys for code pairs and created a 6 GB table containing every possible combination. They then cloned the codes by attacking a nearby working key fob and forged the keys. On average, the entire process took just 1.6 seconds. A video demonstration of the attack was also provided.
Teslaβs Response and Fixes
The researchers notified Tesla engineers about the issue back in August 2017. Tesla acknowledged the problem and rewarded the team with $10,000 as part of their bug bounty program.
The cryptographic vulnerability was fully addressed only in June 2018, meaning cars sold after that date are not affected. For other Tesla vehicles, the company released a software update to enhance security. Notably, a new feature was introduced allowing owners to protect their cars with two-factor authentication by entering a special PIN code.
Tesla representatives also told journalists that they are working with key fob suppliers to strengthen cryptographic standards. After the software update, owners will have the option to switch to new, more secure devices if they wish.