Researchers show how to clone Tesla S Key Fobs in a few seconds
12.9.2018 securityaffairs Hacking
Researchers demonstrated that it is possible to rapidly clone the wireless key fob of the expensive Tesla Model S and possibly other vehicles.
The COSIC research group at KU Leuven University in Belgium has devised a new relay attack against the Passive Keyless Entry and Start (PKES) system that many cars use to unlock the doors and start the engine.
Passive keyless entry (PKE) operates automatically when the user is in proximity to the vehicle; it relies on a paired key fob.
We have already discussed relay attacks against PKES, which thieves use to steal vehicles. The attacker relays messages between the vehicle and the key, using one device near the key and another near the car. The drawback of this kind of attack is that the thief can unlock the car and start the engine only while the legitimate key fob is in range.
A team from the COSIC research group at KU Leuven University in Belgium has discovered a new attack method that can clone a key fob in a few seconds; the clone can then be used to open and start the car whenever the attacker wants.
“During normal operation the car periodically advertises its identifier. The key will receive the car’s identifier, if it is the expected car identifier the key fob will reply, signaling it is ready to receive a challenge,” reads a blog post written by the experts.
“In the next step the car will transmit a random challenge to the key fob. The key fob computes a response and transmits it. After receiving the key fob’s response, the car must verify it before unlocking the doors. The same challenge response protocol is repeated to start the car.”
The experts discovered several security weaknesses. The most worrisome is the lack of mutual authentication: an attacker who knows the vehicle's identifier, which the car itself broadcasts, can obtain a response from the key fob.
Another severe issue is that responses are computed with DST40, an outdated proprietary cipher that uses a 40-bit secret key.
The new attack technique devised by the experts consists of the following four phases:
Phase 0: the adversary records one wake frame periodically transmitted by the car to learn the 2-byte car identifier.
Phase 1: the adversary can now impersonate the car and transmits two chosen 40-bit challenges to the key fob and records their respective 24-bit responses.
Phase 2: using the captured challenge-response pairs and a TMTO (time-memory trade-off) table, the 40-bit key can be recovered. The first pair is used to select the correct subset of keys and the second pair is used to find the real key among the approximately 2^16 candidate keys.
Phase 3: the adversary can now impersonate the key fob and thus unlock and start the car.
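The weakness behind Phase 1 is the one-sided protocol: the fob answers any challenge that follows its car identifier. The following model is an added example, not the researchers' code and not DST40 (the response function is a constructed keyed hash truncated to the article's 24-bit response length); it contrasts that one-sided fob with a variant in which the car must prove knowledge of the shared key before the fob answers, so chosen-challenge queries from anyone who only captured the wake frame are refused. CAR_ID, KEY, the nonce length and the "car" label are constructed values.

```python
import hashlib, hmac, secrets

CAR_ID = b"\x12\x34"               # constructed 2-byte car identifier
KEY = bytes.fromhex("0123456789")  # constructed 40-bit shared secret

def fob_response(key: bytes, challenge: bytes) -> bytes:
    # Stand-in for the fob's response function (not DST40): a keyed hash
    # truncated to the 24-bit response length the article cites.
    return hmac.new(key, challenge, hashlib.sha256).digest()[:3]

class KeyFob:
    """One-sided protocol as described: after its car's identifier, the fob
    answers whatever challenge follows, whoever sent it."""
    def __init__(self, car_id: bytes, key: bytes):
        self.car_id, self.key = car_id, key
    def answer(self, car_id: bytes, challenge: bytes):
        if car_id != self.car_id:
            return None                     # not our car: stay silent
        return fob_response(self.key, challenge)

class MutualAuthFob(KeyFob):
    """Hardened variant: the fob issues a nonce and answers the car's
    challenge only after the car proves it knows the shared key."""
    pending = None

    def hello(self, car_id: bytes):
        if car_id != self.car_id:
            return None
        self.pending = secrets.token_bytes(5)
        return self.pending

    def answer(self, car_id: bytes, car_proof: bytes, challenge: bytes):
        if self.pending is None or car_id != self.car_id:
            return None
        expected = fob_response(self.key, b"car" + self.pending)
        self.pending = None                 # nonce is single-use
        if not hmac.compare_digest(car_proof, expected):
            return None                     # car failed to authenticate
        return fob_response(self.key, challenge)

def keyless_query(fob, challenge: bytes):
    """Someone who learned CAR_ID from the wake frame but has no key."""
    if isinstance(fob, MutualAuthFob):
        fob.hello(CAR_ID)
        return fob.answer(CAR_ID, b"\0\0\0", challenge)  # proof cannot be forged
    return fob.answer(CAR_ID, challenge)

def legitimate_car(fob: MutualAuthFob, challenge: bytes):
    nonce = fob.hello(CAR_ID)
    return fob.answer(CAR_ID, fob_response(KEY, b"car" + nonce), challenge)
```

Mutual authentication closes the chosen-challenge avenue but not the weak cipher: with a 40-bit key and a 24-bit response, one captured pair still leaves roughly 2^16 consistent keys, which is why the fix also needed stronger cryptography.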
The researchers demonstrated that the attack can be carried out with a Proxmark 3 RFID tool from a distance of 1 meter, and from up to 8 meters when custom antennas and transmission hardware are used.
The experts successfully tested the attack on the PKES system used in the Tesla Model S, but highlighted that this PKES system is manufactured by Pektron and is used by many other car vendors (e.g. McLaren, Karma and Triumph).
Tesla has already fixed the problems with the help of the research team.
The experts reported the flaws to Tesla in August, and the vendor fixed them with the team's help in recent weeks.
Tesla rolled out improved cryptography for the key fobs and introduced an optional feature called “PIN to Drive,” which requires the driver to enter a PIN before the vehicle can be driven.