[ad_1]
The researchers demonstrated an attack technique that allows criminals to unlock a Tesla Model S vehicle in just two seconds.
The problem lies in the Tesla Model S sedan's wireless keychains. Researchers at the KU Leuven University in Belgium have discovered that keychains, which can be used to unlock vehicles, are equipped with cryptography and encryption mediocre.
As stated by Wired, using about $ 600 worth of radio and PC equipment, the team was able to read signals from a Tesla keychain, clone the key, open the car and leave in no time .
Lennert Wouters, a researcher at KU Leuven, said the attack only takes a few seconds.
According to the team, Tesla Model S keychains send an encrypted, cryptographic key based signal to a vehicle's radio system to initiate the lock / unlock process. However, academics have discovered that fobs – manufactured by Pektron – only use 40-bit ciphers to encrypt messages.
In cryptographic circles, this indicates very weak encryption, easy to break.
The researchers were able to calculate all the possible keys for the code pairs and create a 6 TB table of possible combinations. The publication indicates that the codes were cloned from a nearby key ring using the radio kit.
University researchers presented their findings at the Cryptographic Hardware and Embedded Systems conference on Monday.
The automaker was informed of the research last August. After confirming the security problem, Tesla paid academics $ 10,000 as a bonus. However, the encryption problem could not be resolved until June of this year due to security testing and the complexity of the manufacturing process.
Vehicles sold from June of this year are not considered vulnerable.
See also: LuckyMouse uses malicious Windows NDISProxy driver to target government entities
Tesla said in a statement to Wired:
"Due to the growing number of methods that can be used to fly multiple types of cars with passive entry systems, not just Teslas, we have deployed a number of security enhancements to help our customers reduce risk. unauthorized use of their vehicles. "
The spokesman added that Tesla had collaborated with its supplier to reinforce cryptographic standards of June keychains and that a corresponding software update would allow owners of vehicles built before this month to change key if they wish.
TechRepublic: Tesla Autopilot: Quick Reference
Earlier this month, Tesla changed its security and testing guidelines to make it easier to research vulnerabilities in the manufacturer's products.
CNET: 2018 Tesla Model 3 Review
Under the new rules, security experts can register with the company "in good faith" to hunt for bugs, as their vehicles become "registered for search".
This will ensure that Tesla will provide assistance and OTA (Over The Air) updates to cars if their software is damaged during testing.
By the way, last week, a woman from Utah filed a lawsuit against Tesla, claiming $ 300,000 in damages for an accident. The woman, who crashed into a fire truck, claims that the autopilot function of her Tesla Model S "failed to engage as expected" by not stopping before the collision with the obstacle.
Previous and related coverage
Source link
