A team of academic hackers from a Belgian university, KU Leuven, found out that the Tesla Model S (shipped before June) can be stolen, in seconds, by just cloning its key fob. With Tesla providing the best defense mechanism in the auto security world, this attack is particularly significant.
Tesla Model S involves a back-and-forth protocol to facilitate communication. This requires the attackers to first sniff out the car’s Radio ID, and then relay the ID broadcast to a victim’s key fob to listen to the response, typically from within a short distance. If the attacker manages to tap the back-and-forth responses twice, then, he will be able to deduce the cipher code that encrypted the fob’s responses.
The cloned key can now unlock and start the engine. But the fairly theft-resistant Tesla cars with an always-on GPS may not let the thief hold on to the vehicle for long, or drive too long. However, in light of the research that uncovered a loophole in the less sophisticated auto security in Model S of Tesla, the company has added a two-factor authentication to the affected models. A PIN password would be required to start the vehicle.
The key fob of Tesla, packed with lean processor power, limits the strength of the encryption that can be applied to the signals. This anyhow has shed some light on the less standard fixes like the PINs or RF-blocking key wallets as second-factor, and it is worth turning-on knowing that these attacks are now unavoidable.