Hackers have learned to open Tesla and McLaren in two seconds
September 11, 2018
Security experts have found a vulnerability in the keyless entry system of Tesla and McLaren cars
A team of researchers from the Catholic University of Leuven in Belgium has found a vulnerability in the keyless entry system of Tesla electric vehicles and McLaren supercars: they managed to clone the key fobs.
Specialists of the Computer Security and Industrial Cryptography (COSIC) research group developed a method of attacking the passive keyless entry system made by the English company Pektron, which is used on Tesla electric cars, McLaren supercars and Triumph motorcycles. Lennert Wouters, a student at the University of Leuven, presented the work at the CHES cryptography conference in Amsterdam.
The researchers analysed the radio protocol between the car and the key fob and found that it runs in two stages. The electronics on board the car act as a beacon, continuously broadcasting a weak signal that carries the car's identifier. If the receiver in the key fob picks up the signal of "its" car, it sends a reply, and the second stage begins.
In the second stage the car sends a random 40-bit challenge. The chip inside the key fob processes it with the secret key stored inside the fob and produces a 24-bit response. The unit on board the car performs the same computation: if the response received from the fob matches the value computed on board, the car unlocks.
The researchers found that there is no authentication in the first stage, so an attacker can broadcast the car's identifier themselves and immediately start the second-stage challenge-response exchange with the key fob. But the main vulnerability lies in the second stage.
The Belgians found that the obsolete DST40 algorithm is used to turn the challenge into the response. Its weakness was demonstrated in 2005 by a team led by Professor Aviel Rubin of the Johns Hopkins University Information Security Institute, who were able to fully reverse-engineer the algorithm.
In the process, Rubin's team established that to compute the correct cipher key it is enough to send the fob two random challenges and record the response it generates each time. Using so-called "rainbow tables", a list of precomputed challenge-response pairs, finding the key then takes only a couple of seconds. The rainbow table itself can be generated in a few hours of work by a dedicated brute-force board.
The COSIC specialists assembled a prototype attack rig from low-cost components: a Raspberry Pi 3 Model B+ single-board computer, Proxmark3 and Yard Stick One radio modules, and a large battery. The rainbow tables were held on a remote disk and accessed over Wi-Fi.
Below is a video showing an example of the attack.
• Step 0: The attacker records the beacon signal carrying the two-bit car identifier.
• Step 1: The attacker "pretends to be the car", twice sends the key fob a 40-bit challenge, and records each 24-bit response.
• Step 2: The attacker looks up the matching cipher key in the rainbow tables: the first challenge-response pair narrows the candidates to 2^16, the second identifies the single valid key.
• Step 3: The attacker emulates the real key fob and can use the car.
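The keyspace arithmetic behind the two-challenge narrowing (a 40-bit key checked against a 24-bit response leaves about 2^40 / 2^24 = 2^16 candidates, and a second pair cuts that below one) can be seen in a toy simulation. This is an added illustration, not the researchers' code: it uses truncated SHA-256 as a stand-in for DST40, with the key shrunk to 20 bits and the response to 12 bits so the per-challenge table builds in seconds, and the fob secret and challenges are constructed values. The design lesson for defenders is that every response leaks roughly its own width in key bits, so the key must be far longer than what a handful of exchanges can reveal.

```python
import hashlib

# Toy parameters. The page's system uses a 40-bit key, 40-bit challenge and
# 24-bit response; shrinking key and response keeps the 2^(key - response)
# ratio illustrative while letting the table build quickly.
KEY_BITS = 20
RESP_BITS = 12

def expected_candidates(key_bits, resp_bits, n_pairs):
    """Keys still consistent with n_pairs challenge-response pairs, assuming
    the cipher behaves like a random function: 2^key / 2^(resp * n_pairs)."""
    return 2 ** (key_bits - resp_bits * n_pairs)

def toy_cipher(key, challenge):
    """Stand-in keyed function (NOT DST40): truncated SHA-256 of key||challenge."""
    data = key.to_bytes(5, "big") + challenge.to_bytes(5, "big")
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest[:4], "big") >> (32 - RESP_BITS)

def build_table(challenge):
    """Precompute response -> keys for ONE fixed challenge (the rainbow-table idea)."""
    table = {}
    for k in range(1 << KEY_BITS):
        table.setdefault(toy_cipher(k, challenge), []).append(k)
    return table

def narrow(table, pairs):
    """pairs[0] must use the challenge the table was built for; every later
    pair filters the surviving candidates by recomputing the toy cipher."""
    cands = list(table.get(pairs[0][1], []))
    for chal, resp in pairs[1:]:
        cands = [k for k in cands if toy_cipher(k, chal) == resp]
    return cands

TABLE_CHALLENGE = 0x0123456789   # constructed 40-bit challenge the table covers
SECOND_CHALLENGE = 0x0FEDCBA987  # constructed second 40-bit challenge
SECRET = 0xBEEF5                 # constructed 20-bit fob secret

def demo():
    """Return the candidate lists after one and after two observed pairs."""
    table = build_table(TABLE_CHALLENGE)
    pairs = [(TABLE_CHALLENGE, toy_cipher(SECRET, TABLE_CHALLENGE)),
             (SECOND_CHALLENGE, toy_cipher(SECRET, SECOND_CHALLENGE))]
    return narrow(table, pairs[:1]), narrow(table, pairs)

if __name__ == "__main__":
    one, two = demo()
    print(len(one), "candidates after one pair, expected about",
          expected_candidates(KEY_BITS, RESP_BITS, 1))
    print(len(two), "after two pairs:", [hex(k) for k in two])
    print("page's parameters:", expected_candidates(40, 24, 1), "after one pair")
```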
The Leuven specialists only tried the technique on the Tesla Model S electric vehicle. But judging by the documentation, similar Pektron equipment is used on McLaren and Karma cars and on Triumph motorcycles. In response to this vulnerability, Tesla added an option that requires a PIN code to be entered before the car can be driven; this option is recommended for all Tesla owners.
For owners of other vehicles with the Pektron system, the Leuven researchers recommend either keeping the key fob in a metallised pouch that blocks the radio exchange, or modifying the fob itself by adding a button that switches off its radio module.