Imec researchers unveil flaw in Tesla's Keyless Entry System: Page 2 of 2

November 25, 2020 //By Christoph Hammerschmidt
Imec researchers unveil flaw in Tesla's Keyless Entry System
The fact that keyless entry systems are easy to crack has become common knowledge in the automotive industry: To hack such a system, most models do not require any cryptographic knowledge at all, but only a radio range extender. Tesla wanted to do it smarter. But that did not work either. A team from COSIC, a division of the Belgian research center Imec, discovered serious weaknesses in Tesla's Model X.

With the ability to unlock the car, they could then connect to the OBD diagnostic interface normally used by service technicians. Due to a weakness in the implementation of the pairing protocol, they could pair a modified key fob with the car, which would then even give them permanent access and the ability to drive off with the car at any time - and thus gain much more control over the vehicle than was the case with the known weakness of conventional keyless entry systems, at least until recently - which normally cannot be restarted after the car is parked.

The proof-of-concept attack was implemented with a homemade device built from low-cost equipment: A Raspberry pi-computer ($35) with a CAN protection shield ($30), a modified keychain, an ECU from a recovery vehicle ($100 on eBay) and a LiPo battery ($30).

The Belgian researchers informed Tesla on August 17, 2020 about the problems. Tesla confirmed the weaknesses, rewarded their findings with an error bonus and began work on security updates. As part of the 2020.48 software update that is now being released, a firmware update will be downloaded to the keychain.

The same research group had previously hacked the keyless entry system of the Tesla Model S. In the Model X, the carmaker had strengthened the security measures - with limited success, as has now been shown.

More information:

Related articles:

Bluetooth LE-based passive keyless entry locks out car thieves

Car designers stress security at developers meeting

BMW, NXP launch next-generation digital car key

NXP, Volkswagen demo UWB application fields in the car

Honda-funded project attacks keyless entry security issue



Vous êtes certain ?

Si vous désactivez les cookies, vous ne pouvez plus naviguer sur le site.

Vous allez être rediriger vers Google.