Stealing a car used to require a blunt object to break one of its windows and basic electrical knowledge to hot-wire it. Two Belgian security experts discovered an encryption flaw that let them drive away in a Tesla Model S without busting any glass or cutting any wires.
Researchers working at the KU Leuven University in Belgium figured out a relatively simple way to digitally break into a Model S by defeating the encryption in the wireless key fob, according to Wired. It’s a technique that requires about $600 worth of radio and computing equipment, so it’s not something anyone can do with their smartphone, but that’s a small investment considering the price of a Model S. The hardware is used to access the cryptographic key programmed into each fob and copy it, which essentially creates a new key fob. The thieves can then enter any Model S and drive off in it without setting off the alarm.
“Today, it’s very easy for us to clone these key fobs in a matter of seconds. We can completely impersonate the key fob and drive the vehicle,” revealed researcher Lennert Wouters in an interview with Wired. He added that figuring out how to hack into a Model S took about nine months.
Tesla awarded the researchers a $10,000 bug bounty when they privately shared their discovery in August of 2017. It then spent nearly a year verifying the technique and developing a fix, which it began rolling out in June of 2018. First, it designed a more secure key fob. That means cars manufactured after that point aren’t affected by the problem.
Earlier models — a vast majority of the ones on the road — received an additional security barrier via an over-the-air software update. This lets owners set a PIN code that must be entered on the car’s touchscreen before it can be driven off. It’s similar to the PIN that protects a smartphone. Wired also points out that owners of older models who are concerned about hackers stealing their car can pay for the upgraded key fob.
Wouters and his partner, Tomer Ashur, blame the flaw on a key fob manufactured by British electronics firm Pektron. McLaren, Karma, and Triumph also use Pektron-sourced key fobs, so the same hack could allow thieves to break into vehicles made by those brands.
“This attack is out there, and we’re not the only people capable of coming up with it,” Ashur warned.