Tag Archives: Keyless Entry

Researchers Hack Tesla Key Fob in 2 Seconds

Researchers have figured out how to hack a Telsa’s key fob in under two seconds.  That’s impressive.  Remotely.  I think in this case remotely means that they do not have to touch the fob or the car, but they have to be pretty damn close to it – in radio range of the fob.  Still, it is not particularly hard to be nearby the car.

The researchers say that the technique should work on any keyless entry system, but maybe that isn’t quite true.

Tesla’s keyless entry system is made by Pektron and they are using relatively weak encryption.  We have actually seen this exact problem with other cars like the system that VW uses and sells to many other manufacturers (which I have written about in the past).  So if may be fair that other manufacturers have similar problems, but not necessarily the same.  But maybe not all.

Because computers are fast and can support a lot of data, the researchers made a table of all 2 to the 16th possible encryption key codes.  That is only 6 terabytes – a disk that you can easily put on a PC, never mind a more powerful computer.

Then you need about $600 of hardware to intercept the owner unlocking the car.  You get the encrypted code that way.

Then all you have to do is scan this table that you built to find the matching entry and voila, you can clone the fob.  This MAY BE true for other manufacturers as well.  As I recall, the VW hack was even easier.

Telsa attempted to defend itself by saying that other car makers have crappy security too.  Not much of a defense.

So what do you do?

First, maybe passive entry is not the most secure thing in the world, so do you really NEED it, or is it just a cool toy.

Second, make sure that your insurance will replace your car if it is stolen in this manner.

In the case of Telsa, they warned their customers to disable passive entry.  That may be an option for other cars too.  If you can disable it, do so.

Telsa has created a new key fob that you can BUY, but you need to upgrade the software in the car first.  The software is free, the fob is not.  Still, if it is reasonably priced, you should probably do it.

Owners of other vehicles should check with the dealer for updates and probably scan Google periodically to see if their particular system has been hacked.

Telsa has also added a PIN code to its alarm system, but you have to enable it.

Generally, there is a trade off between security and convenience.  This is an example of it.    

Check the options in your car and select, maybe, the most secure one instead of the easiest.  Typically the dealer will explain the easiest one because that is also the coolest one.  Leaving the key in the car is also easy, but I don’t recommend that either.

Unless you are ready to buy a new car.  In which case, what color do you like?

Information for this post came from Motherboard.


Facebooktwitterredditlinkedinmailby feather

VW Vulnerability Affects Almost Every VW Sold Since 1995

A few years ago, computer researchers discovered a problem with the VW keyless ignition system.  VW sued the researchers rather than fixing the problem and delayed the release of the information about the vulnerability for two years.   In VW’s defense, maybe it was difficult to close the vulnerability and it certainly would take time.

Apparently that ticked off the researchers, so they continued to dig and now they have found two other vulnerabilities – this time it affects the door locks of a hundred million cards.

The vulnerability affects almost every VW sold since 1995.

Researchers at the Usenix Security Conference revealed two different vulnerabilities.  One would allow attackers to unlock almost every car VW has sold in the last 20 years;  the other affects other brands too – ones that use the VW system – like Alfa Romeo, Fiat, Ford, Mitsubishi, Nissan and others.

The two attacks are relatively easy to do – intercept the radio signal and clone it.  You could do it with a laptop or an Arduino board shown below (Photo from Wired Magazine).

VW Hack

The first hack, the one that affects the VW cars, is vulnerable because VW hard coded a secret key into the car.  When you press the button to unlock the car, it sends a car unique code – the same code every time.  The attacker’s laptop or Arduino combines the unique code with the secret code and voila.  You own the car.

Apparently there is more than one secret key, but only a  handful.  The four most common keys will unlock almost a hundred million cars,  The VW Golf 7 is different in that it uses a unique key!

The second attack breaks the HiTag2 crypto system.  It apparently uses  rolling set of keys that changes unpredictably with every button press.  The researchers say that they found a vulnerability in HiTag2 which allows them to break in within 60 seconds.

The HiTag2 system is almost 20 years old and the manufacturer, NXP,  told car companies to replace it, but, apparently, VW hasn’t listened to them – yet.

While this particular hack only allows hackers to unlock your car and steal all of its contents with no tell tale signs – something that has been stumping cops for years – it could be combined with other hacks to steal the car as well.

The challenge is that for those 100 million cars, they may wind up being vulnerable until they are crushed unless VW can come up with a fix.

One workaround would be to disable the key fob, if that is possible, and lock and unlock the car with a metal key.  Security. Convenience. Pick one.  If your car or your possessions wind up being stolen as a result of this hack, your convenience factor might change.

Information for this post came from Wired.

Facebooktwitterredditlinkedinmailby feather

Do you keep your car keys in freezer? Maybe you should!

A recent Network World article talks about the world of high tech auto theft.

Using a $17 amplifier, thieves were able to boost the signal between your car and your key fob sitting on the kitchen table and convince your car to open up.

The article has links to several other articles including one that talks about cloning a high end BMW with a blank key in less than 3 minutes.  Break a window (and block the alarm going off too), plug something into the diagnostic port near the steering wheel and clone the key.  Then just plug it in and drive off.  Apparently hundreds of BMWs have been stolen this way in Europe.

And the freezer?  Apparently the freezer acts as a shield for the radio waves and the amplifiers don’t work.

I suspect this is more difficult that it seems and requires a degree of skill, but given the payoff for stealing the car – the crooks are working on it.  And the cops don’t seem to have a handle on it – sometimes blaming the car owner for leaving the car unlocked.

In one video, the crook opened the car, stole a laptop out of the back seat and a $15,000 custom bicycle out of the hatch.  This problem is easy to solve – don’t leave valuables in your car.  Oh, and the considerate crook even locked the car again when he left.  All caught on video.


Facebooktwitterredditlinkedinmailby feather