Scary news for Tesla owners. Via Wired:
A team of researchers at the KU Leuven university in Belgium on Monday plan to present a paper at the Cryptographic Hardware and Embedded Systems conference in Amsterdam, revealing a technique for defeating the encryption used in the wireless key fobs of Tesla’s Model S luxury sedans. With about $600 in radio and computing equipment, they can wirelessly read signals from a nearby Tesla owner’s fob. Less than two seconds of computation yields the fob’s cryptographic key, allowing them to steal the associated car without a trace. “Today it’s very easy for us to clone these key fobs in a matter of seconds,” says Lennert Wouters, one of the KU Leuven researchers. “We can completely impersonate the key fob and open and drive the vehicle.”
In their proof-of-concept attack, which they show in the video below, the researchers demonstrate their keyless-entry-system hacking technique with a hardware kit comprising just a Yard Stick One radio, a Proxmark radio, a Raspberry Pi minicomputer, their pre-computed table of keys on a portable hard drive, and some batteries.
First, they use the Proxmark radio to pick up the radio ID of a target Tesla’s locking system, which the car broadcasts at all times. Then the hacker swipes that radio within about 3 feet of a victim’s key fob, using the car’s ID to spoof a “challenge” to the fob. They do this twice in rapid succession, tricking the key fob into answering with response codes that the researchers then record. They can then run that pair of codes through their hard drive’s table to find the underlying secret key—which lets them spoof a radio signal that unlocks the car, then starts the engine.
Each Friday is PiDay here at Adafruit! Be sure to check out our posts, tutorials and new Raspberry Pi related products. Adafruit has the largest and best selection of Raspberry Pi accessories and all the code & tutorials to get you up and running in no time!