Researchers have figured out how to hack a Telsa’s key fob in under two seconds. That’s impressive. Remotely. I think in this case remotely means that they do not have to touch the fob or the car, but they have to be pretty damn close to it – in radio range of the fob. Still, it is not particularly hard to be nearby the car.
The researchers say that the technique should work on any keyless entry system, but maybe that isn’t quite true.
Tesla’s keyless entry system is made by Pektron and they are using relatively weak encryption. We have actually seen this exact problem with other cars like the system that VW uses and sells to many other manufacturers (which I have written about in the past). So if may be fair that other manufacturers have similar problems, but not necessarily the same. But maybe not all.
Because computers are fast and can support a lot of data, the researchers made a table of all 2 to the 16th possible encryption key codes. That is only 6 terabytes – a disk that you can easily put on a PC, never mind a more powerful computer.
Then you need about $600 of hardware to intercept the owner unlocking the car. You get the encrypted code that way.
Then all you have to do is scan this table that you built to find the matching entry and voila, you can clone the fob. This MAY BE true for other manufacturers as well. As I recall, the VW hack was even easier.
Telsa attempted to defend itself by saying that other car makers have crappy security too. Not much of a defense.
So what do you do?
First, maybe passive entry is not the most secure thing in the world, so do you really NEED it, or is it just a cool toy.
Second, make sure that your insurance will replace your car if it is stolen in this manner.
In the case of Telsa, they warned their customers to disable passive entry. That may be an option for other cars too. If you can disable it, do so.
Telsa has created a new key fob that you can BUY, but you need to upgrade the software in the car first. The software is free, the fob is not. Still, if it is reasonably priced, you should probably do it.
Owners of other vehicles should check with the dealer for updates and probably scan Google periodically to see if their particular system has been hacked.
Telsa has also added a PIN code to its alarm system, but you have to enable it.
Generally, there is a trade off between security and convenience. This is an example of it.
Check the options in your car and select, maybe, the most secure one instead of the easiest. Typically the dealer will explain the easiest one because that is also the coolest one. Leaving the key in the car is also easy, but I don’t recommend that either.
Unless you are ready to buy a new car. In which case, what color do you like?
Information for this post came from Motherboard.