Imec researchers unveil flaw in Tesla's Keyless Entry System

November 25, 2020 //By Christoph Hammerschmidt
Imec researchers unveil flaw in Tesla's Keyless Entry System
The fact that keyless entry systems are easy to crack has become common knowledge in the automotive industry: To hack such a system, most models do not require any cryptographic knowledge at all, but only a radio range extender. Tesla wanted to do it smarter. But that did not work either. A team from COSIC, a division of the Belgian research center Imec, discovered serious weaknesses in Tesla's Model X.

Tesla’s Model X key allows the owner to unlock his car automatically by approaching the vehicle or pressing a button. In order to facilitate integration with Phone-as-as-key solutions that allow a smartphone app to unlock the car, the use of Bluetooth Low Energy (BLE) in key fobs is becoming increasingly common. The Tesla Model X key fob also uses this technology to communicate with the vehicle.

The researchers from Belgium took a closer look at the Tesla wireless locking system. Using a modified electronic control unit (ECU) from another vehicle of the same type, the researchers were able to wirelessly force key fobs to register themselves as connectable BLE devices at a distance of up to 5 meters. By reverse engineering the Tesla Model X key fob, the experts discovered that the BLE interface allows remote updates of the software running on the BLE chip. However, this update mechanism was not sufficiently secured. Thus, the researchers succeeded in wirelessly compromising a key ring and taking full control of it. "We were then able to obtain valid release messages to release the car later," says Lennert Wouters, a PhD student in the COSIC research group.


Vous êtes certain ?

Si vous désactivez les cookies, vous ne pouvez plus naviguer sur le site.

Vous allez être rediriger vers Google.