Tesla’s too easy to steal
A cryptographic research team COSIC from KU Leuven, the Flemish catholic university of Louvain, has discovered that car manufacturer Tesla uses deprecated and unsafe cryptography to automatically open and close its cars.
The so-called keyless entry is already a target for years for criminals. With the proliferation of these systems they have changed their modus operandi to steal cars and and all car brands are suffering from it. Researchers found out that Tesla uses technology that is very easy to hack.
The PKES system (Passive Keyless Entry and Start) that Tesla uses is called ‘DST 40’ and was already outdated in 2005. In this particular case it isn’t even necessary to be in the neighbourhood of the car and the key at the same time and it is fairly easy to clone the key.
“First we moved our antenna around the car”, says Lennert Wouters who has directed the study. “The Tesla Model S emits a signal every second to check if the key is not in the vicinity of the car.”
“We took over that signal and went to the person who had the key in his pocket. There we registered the ‘answer’ and by combining them we could easily crack the cryptographic security.”
How to cure
In August last year the researchers informed Tesla about their findings. “They probably didn’t know this”, says Wouters. The manufacturer checked the findings and donated 10.000 dollar to the university research unit to thank them for their warning.
Since June 2018 Tesla uses another key system that is much more secure, according to the manufacturer, owners of an older Tesla can use the recently introduced automatic software update: they have to switch off the option ‘passive entry’ and activate ‘pin to drive’.
The Louvain researchers also warn that cars from McLaren and Karma Automotive and bikes from Triumph Motorcycles use the same technology and are also in danger.