Tag Archives: Tesla

Researchers Hack Tesla Key Fob in 2 Seconds

Researchers have figured out how to hack a Telsa’s key fob in under two seconds.  That’s impressive.  Remotely.  I think in this case remotely means that they do not have to touch the fob or the car, but they have to be pretty damn close to it – in radio range of the fob.  Still, it is not particularly hard to be nearby the car.

The researchers say that the technique should work on any keyless entry system, but maybe that isn’t quite true.

Tesla’s keyless entry system is made by Pektron and they are using relatively weak encryption.  We have actually seen this exact problem with other cars like the system that VW uses and sells to many other manufacturers (which I have written about in the past).  So if may be fair that other manufacturers have similar problems, but not necessarily the same.  But maybe not all.

Because computers are fast and can support a lot of data, the researchers made a table of all 2 to the 16th possible encryption key codes.  That is only 6 terabytes – a disk that you can easily put on a PC, never mind a more powerful computer.

Then you need about $600 of hardware to intercept the owner unlocking the car.  You get the encrypted code that way.

Then all you have to do is scan this table that you built to find the matching entry and voila, you can clone the fob.  This MAY BE true for other manufacturers as well.  As I recall, the VW hack was even easier.

Telsa attempted to defend itself by saying that other car makers have crappy security too.  Not much of a defense.

So what do you do?

First, maybe passive entry is not the most secure thing in the world, so do you really NEED it, or is it just a cool toy.

Second, make sure that your insurance will replace your car if it is stolen in this manner.

In the case of Telsa, they warned their customers to disable passive entry.  That may be an option for other cars too.  If you can disable it, do so.

Telsa has created a new key fob that you can BUY, but you need to upgrade the software in the car first.  The software is free, the fob is not.  Still, if it is reasonably priced, you should probably do it.

Owners of other vehicles should check with the dealer for updates and probably scan Google periodically to see if their particular system has been hacked.

Telsa has also added a PIN code to its alarm system, but you have to enable it.

Generally, there is a trade off between security and convenience.  This is an example of it.    

Check the options in your car and select, maybe, the most secure one instead of the easiest.  Typically the dealer will explain the easiest one because that is also the coolest one.  Leaving the key in the car is also easy, but I don’t recommend that either.

Unless you are ready to buy a new car.  In which case, what color do you like?

Information for this post came from Motherboard.

 

Facebooktwitterredditlinkedinmailby feather

The Risk of the Insider Threat

Elon Musk, CEO of Tesla, sent an email to all employees over the weekend telling them that the company was hacked by an employee who changed code on an internal product and sent company data outside without permission.

The software, the Tesla Manufacturing Operating System, is likely used internally in the manufacturing process.

The employee created false user names and then modified the software without approval.  He also sent large volumes of sensitive Tesla data to third parties.

This investigation is not over and there is a question about whether outsiders were involved.  There are lots of people who do not like the idea of an electric car, starting with the oil and gas industry and some Wall Street insiders.  The traditional car makers, who seem perfectly willing to lie and cheat to pass emissions test could also be motivated to harm Tesla.

In this particular case, the employee said he was mad because he was passed up for a promotion.  THAT was probably a good move since it is going to be hard for him to work from prison.

This is an important notice for all employers.

Every company, except those with one or two employees, have employees who are not happy.  Would an unhappy employee become a saboteur?  Hopefully not, but the larger the company is, the more likely that at least one person will have a grudge and could, possibly, act on it.

In Tesla’s case, even though this person created fake accounts to try and hide his deeds, the company had sufficient tools in place to uncover the sabotage and figure out who the employee was.

For your company, how much damage could a disgruntled employee do and could you detect it?  How quickly could you repair the damage?  Could you figure out who did the damage in order to prevent a repeat performance?

In today’s world it probably does not take much to get just one employee really peeved and if you have someone outside the company who could motivate that action with money – well you have really increased the odds.

Information for this post came from CNBC.

Facebooktwitterredditlinkedinmailby feather