Researchers claim to have discovered a new attack method that can be used to quickly clone the wireless key fob of Tesla Model S and possibly other vehicles.
The Passive Keyless Entry and Start (PKES) system is used by many high-end cars to unlock the doors and start the engine. The system relies on a paired key fob that needs to be in proximity of the vehicle.
PKES has been known to be vulnerable to relay attacks, which have been used to steal luxury vehicles. These attacks involved relaying messages between the car and the smart key by placing one hacking device near the key and one device in proximity of the car. This allows an attacker to open the door and start the engine even if the key is at a considerable distance from the vehicle. However, in these relay attacks, the car can only be unlocked and started once, while the legitimate key fob is in range.
A team from the COSIC research group at the KU Leuven university in Belgium has discovered a new attack method that can be used to clone key fobs in just seconds. Cloning a fob then allows the attacker to open and start a car whenever they wish.
“During normal operation the car periodically advertises its identifier. The key will receive the car’s identifier; if it is the expected car identifier, the key fob will reply, signaling it is ready to receive a challenge,” the researchers explained in a blog post. “In the next step the car will transmit a random challenge to the key fob. The key fob computes a response and transmits it. After receiving the key fob’s response, the car must verify it before unlocking the doors. The same challenge-response protocol is repeated to start the car.”
The team noted several security issues in this process. For instance, there is no mutual authentication: the key fob never verifies that it is talking to the real car, so anyone who knows the vehicle’s identifier, which the vehicle broadcasts in the clear and which is easy to record, can obtain a response from the key fob.
There are also crypto-related issues. Responses are computed with DST40, an outdated proprietary cipher that uses a 40-bit secret key. Researchers showed more than a decade ago that the key can be recovered from as few as two challenge-response pairs.
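As an added illustration (not the researchers’ code or tooling) of the missing mutual authentication described above, the following Python models the exchange twice: as described, where the fob answers any challenge that arrives under the expected car identifier, and in a hardened form where the fob first demands proof that the car holds the shared key. HMAC-SHA256 is an assumed stand-in for the fob’s cipher, since DST40’s internals are not covered here, and every identifier and key is a constructed sample value.

```python
import hashlib
import hmac
import secrets

# Constructed sample values. HMAC-SHA256 is an assumed stand-in for the fob's
# cipher; the article does not describe DST40 and it is not reproduced here.
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")   # car/fob shared secret
CAR_ID = b"CAR-ID-EXAMPLE"   # broadcast in the clear, so anyone nearby can record it
STRANGER_KEY = bytes(16)     # what a party that knows only CAR_ID has to work with

def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

class WeakFob:
    """Protocol as described: answers any challenge sent under the expected car ID."""
    def __init__(self, key: bytes, car_id: bytes):
        self.key, self.car_id = key, car_id

    def respond(self, car_id: bytes, challenge: bytes):
        if car_id != self.car_id:
            return None
        return mac(self.key, challenge)          # never checks who is asking

class MutualAuthFob:
    """Hardened variant: the fob issues a fresh nonce and only answers once
    the car proves knowledge of the shared key with a MAC over that nonce."""
    def __init__(self, key: bytes, car_id: bytes):
        self.key, self.car_id = key, car_id
        self.pending = set()          # nonces handed out, each valid once

    def hello(self, car_id: bytes):
        if car_id != self.car_id:
            return None
        nonce = secrets.token_bytes(8)
        self.pending.add(nonce)
        return nonce

    def respond(self, nonce: bytes, car_proof: bytes, challenge: bytes):
        if nonce not in self.pending:     # unknown, expired or replayed nonce
            return None
        self.pending.discard(nonce)
        if not hmac.compare_digest(mac(self.key, b"car" + nonce), car_proof):
            return None                   # the "car" could not prove it has KEY
        return mac(self.key, challenge)

def unlock_attempt(fob, car_key: bytes, challenge: bytes):
    """One car-side attempt to obtain a response while holding car_key."""
    if isinstance(fob, MutualAuthFob):
        nonce = fob.hello(CAR_ID)
        return fob.respond(nonce, mac(car_key, b"car" + nonce), challenge)
    return fob.respond(CAR_ID, challenge)
```

Mutual authentication stops a party without the key from harvesting responses from the fob, but it does nothing about the 40-bit key length; the two weaknesses the researchers list are independent and both need fixing.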
The attack described by KU Leuven researchers has four major phases. In the first phase, the attacker obtains the targeted vehicle’s identifier, which is transmitted periodically. The identifier is then used to impersonate the vehicle and send two challenges to the key fob.
The two challenge-response pairs are captured, and from them the 40-bit key can be recovered, allowing the attacker to impersonate the fob and unlock and start the car.
An attack can be conducted using a Proxmark 3, a $400 tool designed for RFID analysis, from a distance of 1 meter (3 feet). However, the experts believe the range can be extended to as much as 8 meters (26 feet) with purpose-built antennas and transmission hardware.
This research focused on the PKES system used in the Tesla Model S. However, the analyzed PKES system is made by Pektron and is used by several other manufacturers, including McLaren, Karma and Triumph, which means their vehicles could be affected as well.
Tesla has worked with the researchers to implement measures that should prevent attacks, but none of the other companies responded to attempts to report the flaws.
Tesla was first notified of the vulnerability in August 2017 and the company addressed the issue in recent weeks by rolling out improved cryptography for key fobs and introducing an optional feature called “PIN to Drive,” which requires a PIN to be entered on the central console before the vehicle can be driven.
In general, these types of attacks can be prevented by keeping the key in a special box or pouch that blocks RF transmission. However, this defeats the purpose of the keyless entry and start system.
The researchers do not plan on making public any of the tools they have developed, but a paper containing technical details will become available soon.