A team of researchers at the KU Leuven university in Belgium demonstrated how hackers can steal a Tesla Model S in seconds by cloning its key fob. High-end vehicles are often equipped with a Passive Keyless Entry and Start (PKES) system. A PKES system unlocks and starts the vehicle based on the physical proximity of a paired key fob; no user interaction is required.
Researchers have already shown these systems to be particularly vulnerable to relay attacks. In this type of attack, two adversaries relay the short-range communication between the key fob and the vehicle over a long-range communication channel. Recent news reports and home security videos have shown that relay attacks are frequently used to steal luxury vehicles. Distance-bounding mechanisms are gradually being deployed to preclude relay attacks.
The goal of the research was to evaluate the resistance of a modern-day PKES system to attacks other than relay attacks. The researchers completely reverse engineered the PKES system used in the Tesla Model S. The research shows that this system uses the outdated proprietary DST40 cipher.