The Tesla Model S could be easily stolen, skipping the security implemented in the car keys. It is the discovery of a group of researchers from the KU Leuven University in Belgium, who managed to "crack" the security key with a trick.
A modern and advanced car like the Tesla doesn't open just like that. The driver identification process involves the communication of an encryption key; A copy remains in the "key" itself, and the car continuously checks if it is nearby. That is why it is able to ignore other keys with other encryption keys.
It is an effective method that allows not having to take the key out of the pocket to open the doors and start the car; but as it is being shown, it is not entirely safe. Criminals are adapting to these types of challenges, even deciphering the security key.
The Telsa key could be easily cloned
The vulnerability discovered by researchers allows just that, get the key and open the car as if it were ours. Unlike other methods, that implies that the attacker can open the car whenever he wants, since he will have a copy of the key. The only way to avoid theft then would be to change the key, but that is only possible if we realize what has happened of course; and the demonstrated attack method makes that difficult.
The Tesla key uses an 80-bit encryption key; therefore, it would be very difficult to deface her with "brute force" methods, that is, trying again and again the right combination. Instead, the researchers discovered that they could simply divide the key into two, 40 bits each. That makes it much easier to "crack" the key; the complexity of the key decreases and current computer equipment would be capable of the task, as explained in Wired.
To get the key this way, the attacker would have to get closer to the car than with other methods, and remain by your side for several seconds; something that could arouse suspicion or activate the car's sentinel mode. But after that time, the attacker would have a copy of the key and could unlock the car and run away with him.
The good news is that both Tesla and Pektron, the key maker, were warned of this vulnerability prior to publication. Tesla published the update last month, and the company recommends its installation if we have not done so yet. A simple software change is enough to block this attack, so you don't need to change the key.
Researchers have praised Tesla's speed, but warn that this is only the beginning. Other models and other manufacturers may be vulnerable to similar attacks; especially considering that most brands do not develop their own systems, but that they buy them from third parties, as is the case with Tesla. Therefore this bug It could be more widespread than it seems. This is the second similar case in a year, after a method was discovered in 2018 to clone the Tesla key.
Cloning keys is becoming one of the most common methods to steal cars, especially if they are fancy or premium. Not long ago, a video was released in which some suspected thieves are shown expanding the reach of the key to make a Tesla believe that its owner was nearby.