Due to the vulnerability in the Tesla electric vehicle protection system, you can hijack a car in a few seconds

Electronic key Tesla

Electric vehicles from Tesla can rightfully be called a computer system, not a car. These cars are just stuffed with electronics. Some electronic components are designed to prevent car theft, and the Tesla protection system is considered to be quite serious. Electric cars regularly receive safety updates, which improves vehicle security.

But the other day, a group of information security specialists showed that there is no need to smash into a closed door - there is a fairly simple way to bypass the protection. We are talking about the Tesla Model S, the keychain of which can be simply copied (not the keychain itself, but its digital imprint), open the electric car and leave. The method is not new, but few people expected that it can be applied to the latest developments of Tesla.

A team of researchers from the University of Leuven (Belgium) reported on the study at the conference Cryptographic Hardware and Embedded Systems, held recently in Amsterdam. In particular, a technology was presented that helped bypass the Tesla model S key cryptographic protection. As it turned out, much is not required - the cost of equipment for hacking was about $ 600. The system consists of two elements - a radio sniffer that reads the signals from Tesla key fobs and, in fact, a system that bypasses the protection and copies the signal.

“Nowadays, it is very easy to carry out such an operation - this is a matter of several seconds. We can depersonalize a key chain and drive an electric car without any problems, ”said one researcher. All about everything takes only about two seconds, and the copying of the key can not be traced.

It is worth noting that two weeks ago, Tesla introduced a new systemType "anti-war" for Model S, which allow you to set a PIN on the control panel of the car. Without the correct code, the car simply will not go anywhere. According to representatives of Tesla, electric cars, released after June of this year, no longer have the vulnerability discussed above. In particular, the company was able to improve the key cryptographic protection, so that deciphering the data now if possible, but not using the method described above.

However, network security experts believe that if the PIN is not set, the car can still be hijacked - a method of hacking and current cryptography will be developed sooner or later.

As for the key itself, the principle of its operation is similar to the principle of the keys of many other cars with an automatic ignition system. The key sends a radio signal with a code that is received by the car. Further, if the cryptographic key is correct, the ignition system is triggered and the owner gets into the already established car.

In 2017 it turned outthat the key protection is weak, the key is 40-bit, and it can be cracked. It is worth noting that in order to obtain this information, enthusiasts had to spend nine months on reverse engineering. The researchers found that when receiving two codes from any of the keys, you can try to pick the right key until the car opens. The researchers then calculated all possible combinations of key pairs and created a database of 6 terabytes. With this data, hackers learned how to select the necessary key in just 1.6 seconds.


The craftsmen showed the possibilities of the developed method on the example of a proof-of-concept attack. The equipment they have created consists of elements such as the Yard Stick One, Proxmark, the Raspberry Pi minicomputer and a number of additional elements like portable HDDs and batteries.

The first step is to get the ID of the Tesla target system. The car sends a signal all the time. Then the researchers reproduce the signal within a meter from the owner of the car with the key. The latter responds with a digital signal that is recorded. Well, the last stage - the selection of the desired pair of keys on the base, which was mentioned above. As soon as the selection is completed, the car can be opened.

The researchers reported on their experience with Tesla in 2017, after which they received $ 10,000 as a bug bounty. Why was the problem report just now spread? The fact is that Tesla fixed the problem only in June, and only after that it became possible to reveal all the details.