Two weeks shy of a year ago, researchers revealed a serious flaw in the security of Tesla's vehicles. With little more than some standard radio equipment, they were able to defeat the encryption on a Model S's keyless entry system to wirelessly clone the sedan's key fob in seconds, unlocking a car and driving it away without ever touching the owner's key. In response, Tesla created a new version of its key fob that patched the underlying flaw. But now, those same researchers say they've found yet another vulnerability—one that affects even the new key fobs.

In a talk at the Cryptographic Hardware and Embedded Systems conference in Atlanta today, researcher Lennert Wouters of Belgian university KU Leuven revealed that his team has again found a technique capable of breaking the Model S key fob's encryption. That would allow them to again clone the keys and stealthily steal the car. Wouters notes that the new attack is more limited in its radio range than the previous one and takes a few seconds longer to perform, and that the KU Leuven researchers haven't actually carried out the full attack demonstration as they did last year—they've just proven that it's possible. But their analysis was convincing enough that Tesla has acknowledged the possibility of thieves exploiting the technique, rolling out a software fix that will be pushed out over-the-air to Tesla dashboards.

The insecurity of keyless entry systems isn't limited to Tesla.

Wouters says the vulnerability of the key fob, manufactured by a firm called Pektron, comes down to a configuration bug that vastly reduces the time necessary to crack its encryption. Despite Tesla and Pektron's upgrade from easily broken 40-bit encryption in the previous versions to far more secure 80-bit encryption in the newer key fobs—a doubling of the key length that ought to have made cracking the encryption about a trillion times harder—the bug allows hackers to reduce the problem to simply cracking two 40-bit keys. That shortcut makes finding the key only twice as hard as before. "The new key fob is better than the first one, but with twice the resources, we could still make a copy, basically," Wouters says. Pektron did not return a request for comment.
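Why two independently checkable halves add their search costs instead of multiplying them, as an added illustration that is not code from the researchers, Tesla or Pektron. The article does not describe the bug itself, so the truncated-HMAC stand-in cipher, the 8-bit toy halves and the way each half exposes its own output are all assumptions.

```python
import hashlib
import hmac

HALF_BITS = 8  # toy size so the search finishes instantly; the article's halves are 40 bits

def tag(key: int, nbytes: int, challenge: bytes) -> bytes:
    """Stand-in keyed function (truncated HMAC-SHA256), not the fob's real cipher."""
    return hmac.new(key.to_bytes(nbytes, "big"), challenge, hashlib.sha256).digest()[:8]

def respond_combined(hi: int, lo: int, challenge: bytes) -> bytes:
    """Sound design: one response that depends on every key bit at once."""
    return tag((hi << HALF_BITS) | lo, 2, challenge)

def respond_split(hi: int, lo: int, challenge: bytes) -> tuple:
    """Assumed weak configuration: each half yields its own checkable output."""
    return tag(hi, 1, challenge), tag(lo, 1, challenge)

def search_combined(challenge: bytes, observed: bytes):
    """Exhaustive search over the whole key; cost grows as 2**(2 * HALF_BITS)."""
    for trials, key in enumerate(range(1 << (2 * HALF_BITS)), start=1):
        if tag(key, 2, challenge) == observed:
            return key >> HALF_BITS, key & ((1 << HALF_BITS) - 1), trials
    raise ValueError("no key matches the observed response")

def search_split(challenge: bytes, observed: tuple):
    """Each half is searched on its own; cost is at most 2 * 2**HALF_BITS."""
    halves, trials = [], 0
    for part in observed:
        for key in range(1 << HALF_BITS):
            trials += 1
            if tag(key, 1, challenge) == part:
                halves.append(key)
                break
        else:
            raise ValueError("no half-key matches the observed response")
    return halves[0], halves[1], trials

def effective_bits_when_split(half_bits: int) -> int:
    """2 * 2**n trials equals 2**(n + 1): one bit more than a single half."""
    return half_bits + 1

if __name__ == "__main__":
    hi, lo, challenge = 0xC3, 0x5A, b"constructed-challenge"  # constructed sample values
    print("combined:", search_combined(challenge, respond_combined(hi, lo, challenge)))
    print("split:   ", search_split(challenge, respond_split(hi, lo, challenge)))
    print("80-bit key as two 40-bit halves:", effective_bits_when_split(40), "effective bits")
```

With the constructed key, the combined search needs tens of thousands of trials while the split search needs a few hundred; at the article's sizes the same gap is 80 bits of work versus 41.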

The good news for Tesla owners is that unlike in 2018, the newer attack can be blocked with a software update rather than a hardware replacement. Just before KU Leuven revealed its initial key fob attack last year, Tesla rolled out a feature that allowed drivers to set a PIN code on their cars that must be entered to drive them. But the more complete fix for the attack required both installing a security update pushed to Tesla vehicles and also buying a new key fob.

In this case, Wouters says, Tesla is again pushing a security update to its keyless entry modules. But this one can also reach out wirelessly from those modules to the key fobs, changing their configuration via radio. "I do think the way Tesla fixed it this time is pretty cool," says Wouters. "That's something that I don't think any other car manufacturer has ever done before, or at least not publicly." Tesla implemented the same fix to key fobs for all new Model S vehicles last month, so anyone who bought a Model S since then doesn't need to update. Other vehicles like the Model X and Model 3 aren't affected, Wouters says, since they don't use the same Pektron key fobs.

In a statement to WIRED, a Tesla spokesperson writes that it has seen no evidence that the key-cloning technique has been used in any thefts. "While nothing can prevent against all vehicle thefts, Tesla has deployed several security enhancements, such as PIN to Drive, that makes them much less likely to occur," the statement reads. "We've begun to release an over-the-air software update (part of 2019.32) that addresses this researcher's findings and allows certain Model S owners to update their key fobs inside their car in less than two minutes. We believe that neither of these options would be possible for any other automaker to release to existing owners, given our unique ability to roll out over-the-air updates that improve the functionality and security of our cars and key fobs."