Last year, researchers discovered a vulnerability in the Tesla Model S key fob that would’ve allowed thieves to clone it in just a couple of seconds. The automaker and the key fob’s manufacturer, Pektron, created a new version that upgrades its 40-bit encryption to an 80-bit one to make it harder to crack. But now Lennert Wouters of Belgian university KU Leuven has revealed (as reported by Wired) that it’s still possible to wirelessly crack the new key fob’s encryption.
Apparently, the vulnerability allows hackers to break the 80-bit encryption by cracking two 40-bit keys instead. The new attack has a shorter range than the first, and it takes a bit longer than a couple of seconds, but it’s still doable. Model S owners don’t have to worry about bad actors using the flaw to break into their cars, though — all they have to do is upgrade their fobs. Tesla has already fixed the issue, and unlike last year, it doesn’t require new hardware. The automaker has started rolling out an over-the-air software update for existing key fobs. In fact, it already implemented the change for all newly manufactured Model S vehicles last month, so new owners don’t even have to upgrade.
Wouters was impressed by the way Tesla handled the problem, but he warns that plenty of other cars’ key fobs are vulnerable to similar encryption-cracking techniques, especially since most automakers get their key fobs from third-party manufacturers, and some of them aren’t capable of pushing over-the-air updates like Tesla is.
As for Tesla, the automaker seems to be confident that its vehicles are secure enough. A spokesperson pointed out in a statement to Wired that the company introduced a PIN to Drive feature last year that gave owners a way to prevent anybody from driving their vehicles if they can’t key in the right PIN.
The spokesperson said:
“While nothing can prevent against all vehicle thefts, Tesla has deployed several security enhancements, such as PIN to Drive, that makes them much less likely to occur. We’ve begun to release an over-the-air software update (part of 2019.32) that addresses this researcher’s findings and allows certain Model S owners to update their key fobs inside their car in less than two minutes. We believe that neither of these options would be possible for any other automaker to release to existing owners, given our unique ability to roll out over-the-air updates that improve the functionality and security of our cars and key fobs.”