Tesla has taken plenty of innovative steps to protect the driving systems of its kitted-out cars against digital attacks. It's hired top-notch security engineers, pushed over-the-internet software updates, and added code integrity checks. But one team of academic hackers has now found that Tesla left its Model S cars open to a far more straightforward form of hacking: stealthily cloning the car's key fob in seconds, opening the car door, and driving away.

A team of researchers at the KU Leuven university in Belgium on Monday plan to present a paper at the Cryptographic Hardware and Embedded Systems conference in Amsterdam, revealing a technique for defeating the encryption used in the wireless key fobs of Tesla's Model S luxury sedans. With about $600 in radio and computing equipment, they can wirelessly read signals from a nearby Tesla owner's fob. Less than two seconds of computation yields the fob's cryptographic key, allowing them to steal the associated car without a trace. "Today it’s very easy for us to clone these key fobs in a matter of seconds," says Lennert Wouters, one of the KU Leuven researchers. "We can completely impersonate the key fob and open and drive the vehicle."

Just two weeks ago, Tesla rolled out new antitheft features for the Model S that include the ability to set a PIN code that someone must enter on the dashboard display to drive the car. Tesla also says that Model S units sold after June of this year aren't vulnerable to the attack, due to upgraded key fob encryption that it implemented in response to the KU Leuven research. But if owners of a Model S manufactured before then don't turn on that PIN—or don't pay to replace their key fob with the more strongly encrypted version—the researchers say they're still vulnerable to their key-cloning method.

Keys to the Kingdom

Like most automotive keyless entry systems, Tesla Model S key fobs send an encrypted code, based on a secret cryptographic key, to a car's radios to trigger it to unlock and disable its immobilizer, allowing the car's engine to start. After nine months of on-and-off reverse engineering work, the KU Leuven team discovered in the summer of 2017 that the Tesla Model S keyless entry system, built by a manufacturer called Pektron, used only a weak 40-bit cipher to encrypt those key fob codes.

The researchers found that once they obtained two codes from any given key fob, they could simply try every possible cryptographic key until they found the one that unlocked the car. To avoid repeating that search for every target, they then precomputed the key corresponding to every possible pair of codes, producing a massive, 6-terabyte lookup table. With that table and two codes captured from a fob, the hackers say they can look up the correct cryptographic key to spoof any key fob in just 1.6 seconds.

In their proof-of-concept attack, which they show in the video below, the researchers demonstrate their keyless-entry-system hacking technique with a hardware kit comprising just a Yard Stick One radio, a Proxmark radio, a Raspberry Pi minicomputer, their pre-computed table of keys on a portable hard drive, and some batteries.

First, they use the Proxmark radio to pick up the radio ID of a target Tesla's locking system, which the car broadcasts at all times. Then the hacker swipes that radio within about 3 feet of a victim's key fob, using the car's ID to spoof a "challenge" to the fob. They do this twice in rapid succession, tricking the key fob into answering with response codes that the researchers then record. They can then run that pair of codes through their hard drive's table to find the underlying secret key—which lets them spoof a radio signal that unlocks the car, then starts the engine.
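As an added illustration of the key-recovery idea in the two paragraphs above (not the KU Leuven team's code, and not the real fob cipher), the toy model below shows why two challenge-response pairs are enough to pin down a short key by exhaustive search, and how that search cost grows with key width. The cipher (a truncated keyed hash), the 18-bit key and 14-bit response widths, and the sample challenges are all constructed for the demo.

```python
"""Toy model of why a short challenge-response key is exhaustively searchable.

Constructed illustration: the "cipher" is a truncated keyed SHA-256, not the
Pektron/Tesla algorithm, and the widths are tiny so the search runs in about a
second. The article's real system used a 40-bit key.
"""
import hashlib

KEY_BITS = 18    # toy key width (constructed; the real fob used 40 bits)
RESP_BITS = 14   # toy response width (constructed; not stated in the article)


def toy_response(key: int, challenge: int) -> int:
    """Constructed fob: answer a challenge with a keyed, truncated hash."""
    msg = key.to_bytes(5, "big") + challenge.to_bytes(5, "big")
    digest = hashlib.sha256(msg).digest()
    return int.from_bytes(digest[:4], "big") & ((1 << RESP_BITS) - 1)


def consistent_keys(pairs):
    """Return every key that explains all observed (challenge, response) pairs.

    Each pair reveals about RESP_BITS bits of the key, so one pair leaves roughly
    2**(KEY_BITS - RESP_BITS) candidates, while a second pair almost always
    narrows the set to the single true key. That is why two codes are needed.
    """
    first_c, first_r = pairs[0]
    candidates = [k for k in range(1 << KEY_BITS)
                  if toy_response(k, first_c) == first_r]
    for c, r in pairs[1:]:
        candidates = [k for k in candidates if toy_response(k, c) == r]
    return candidates


def search_seconds(key_bits: int, keys_per_second: float = 1e9) -> float:
    """Worst-case exhaustive-search time at an assumed rate of keys per second.

    At 10**9 keys/s a 40-bit key falls in under 20 minutes, a 128-bit key never.
    """
    return (1 << key_bits) / keys_per_second


def demo(true_key: int = 0x2B7A1):
    """Observe two constructed challenges, then search with one pair and two."""
    challenges = [0x1A2B3, 0x3C4D5]                    # constructed challenges
    pairs = [(c, toy_response(true_key, c)) for c in challenges]
    return consistent_keys(pairs[:1]), consistent_keys(pairs)


if __name__ == "__main__":
    one_pair, two_pairs = demo()
    print(f"candidates after one pair: {len(one_pair)}, after two: {len(two_pairs)}")
    print(f"40-bit search: {search_seconds(40):.0f} s; 128-bit: {search_seconds(128):.3g} s")
```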

That whole attack chain, the researchers say, is possible thanks to the Pektron key fob system's relatively weak encryption. "It was a very foolish decision," says KU Leuven researcher Tomer Ashur. "Someone screwed up. Epically."