A team of security researchers has revealed how certain Tesla Model S vehicles can be stolen in just a matter of seconds.
The group, composed of academics from Belgium’s KU Leuven University, is set to release a paper on the attack Monday at Amsterdam’s Cryptographic Hardware and Embedded Systems conference.
Taking advantage of the Model S key fob’s weak encryption, the attack allows any capable hacker to both unlock the vehicle and drive it away.
Video of the technique shows how the key fob’s cryptographic key can be stolen in less than 2 seconds using an array of equipment costing roughly $600.
As outlined by Wired’s Andy Greenberg, the key fob, developed by a company known as Pektron, only uses a 40-bit cipher to encrypt the key fob codes.
“The researchers found that once they gained two codes from any given key fob, they could simply try every possible cryptographic key until they found the one that unlocked the car,” Greenberg writes. “They then computed all the possible keys for any combination of code pairs to create a massive, 6-terabyte table of pre-computed keys. With that table and those two codes, the hackers say they can look up the correct cryptographic key to spoof any key fob in just 1.6 seconds.”
The team says it reached out to Tesla in August 2017 to disclose the issue and was rewarded with a $10,000 bug bounty for its findings.
Late last month Tesla, after looking into the vulnerability, rolled out a new update with anti-theft features for all affected vehicles.
Although newer Model S vehicles are no longer vulnerable, owners of units sold prior to June of this year are required to either pay for a new key fob or enable an in-vehicle PIN code needed to start the vehicle.
Those who do neither, the researchers say, will still be vulnerable to the attack. Although unconfirmed, the team believes other vehicles that rely on Pektron’s key fobs, including certain models of McLaren, could be vulnerable as well.