{"id":8391,"date":"2018-09-15T14:56:59","date_gmt":"2018-09-15T12:56:59","guid":{"rendered":"http:\/\/blog.netspark.de\/?p=8391"},"modified":"2018-09-12T09:38:09","modified_gmt":"2018-09-12T07:38:09","slug":"tesla-s-car-key-easily-cloned","status":"publish","type":"post","link":"https:\/\/blog.netspark.de\/?p=8391","title":{"rendered":"Tesla S car key easily cloned"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-Post-Thumb wp-image-8111\" src=\"https:\/\/blog.netspark.de\/wp-content\/uploads\/2018\/08\/Tesla-64x64.png\" alt=\"\" width=\"64\" height=\"64\" srcset=\"https:\/\/blog.netspark.de\/wp-content\/uploads\/2018\/08\/Tesla-64x64.png 64w, https:\/\/blog.netspark.de\/wp-content\/uploads\/2018\/08\/Tesla-150x150.png 150w, https:\/\/blog.netspark.de\/wp-content\/uploads\/2018\/08\/Tesla.png 256w\" sizes=\"auto, (max-width: 64px) 100vw, 64px\" \/>If you thought, a high tech car with a value of over<br \/>\n100&#8217;000 US$ cannot be stolen easily, then you&#8217;d better<br \/>\nnot watch the following video. 
A team of the Catholic<br \/>\nUniversity of Leuven in Belgium shows how.<\/p>\n<p><!--more-->With hardware worth 500 US$, you&#8217;ll be equipped for a carjacking that takes less than a minute.<\/p>\n<p>All you need is an antenna (Yard Stick One), a USB-powered minicomputer (Raspberry Pi 3 B+), a software-defined radio (Proxmark 3) and a USB power bank to power it all.<\/p>\n<p>The backend is a server with a 6-terabyte database containing various pairing keys.<\/p>\n<p>The problem is that the Tesla constantly sends out a wake-up signal to identify nearby keys and unlock itself, allowing a quick start-and-ride experience.<\/p>\n<p>With the antenna you&#8217;re good to go and can pick up the signal from a distance of about 1 m (3 ft), most likely unnoticed.<\/p>\n<p>The Raspi gathers the information about the key and the car and compares it against the database stored remotely on the server.<\/p>\n<p>This is so fast that the whole process takes only a couple of seconds, rendering the car helpless against your &#8220;attack&#8221;.<\/p>\n<p>With only a little effort, you&#8217;re good to hijack a 100&#8217;000 US$ car.<\/p>\n<p>Although Tesla has fixed the security leak by introducing a PIN-to-go system in the car, other vehicles are still subject to being instantly hijacked, as they use the same encryption\/decryption method as Tesla. Cars and bikes from McLaren, Karma and Triumph are also affected.<\/p>\n<p>The encryption standard DST40 had been declared insecure by 2005, yet it is used in a wide variety of current cars, even luxury cars.<\/p>\n<p>Since there&#8217;s no easy fix, as the hardware inside the key is too weak to use an alternative encryption system, most companies still rely on DST40 and its insecure encryption. 
40 bits are just too weak to offer good protection, and that&#8217;s why the TMTO attack (TMTO stands for Time\/Memory Trade-Off) is so successful and quick.<\/p>\n<p>The only workaround for the companies mentioned above is to implement a second security system, i.e. starting the vehicle using a passcode. But this passcode has to be entered directly on the vehicle&#8217;s console, as otherwise even that communication sent from the key might be captured, rendering the passcode obsolete.<\/p>\n<p>So what we learn from this is that comfort often comes at the expense of security. The result is what we have now: a rather insecure transmission system for quite expensive vehicles, making theft easier than usual.<\/p>\n<p>In the upcoming years, these companies will have to look into a new encryption method that is lightweight and can be run from the transmitter with just a little more processing power. New small embedded systems on specially designed SoCs should make this possible&#8230;<\/p>\n<p>Watch the video here:<\/p>\n<div style=\"width: 640px;\" class=\"wp-video\"><video class=\"wp-video-shortcode\" id=\"video-8391-1\" width=\"640\" height=\"360\" preload=\"metadata\" controls=\"controls\"><source type=\"video\/mp4\" src=\"https:\/\/blog.netspark.de\/wp-content\/uploads\/2018\/09\/COSIC-researchers-hack-Tesla-Model-S-key-fob.mp4?_=1\" \/><a href=\"https:\/\/blog.netspark.de\/wp-content\/uploads\/2018\/09\/COSIC-researchers-hack-Tesla-Model-S-key-fob.mp4\">https:\/\/blog.netspark.de\/wp-content\/uploads\/2018\/09\/COSIC-researchers-hack-Tesla-Model-S-key-fob.mp4<\/a><\/video><\/div>\n","protected":false},"excerpt":{"rendered":"<p>If you thought, a high tech car with a value of over 100&#8217;000 US$ cannot be stolen easily, then you&#8217;d better not watch the following video. 
A team of the catholic University Leuven in Belgium shows how.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[55,4,3,2949,150],"tags":[1715,3165,3166,851,2176,127,3167],"class_list":["post-8391","post","type-post","status-publish","format-standard","hentry","category-computer-2","category-curiosities","category-news","category-technology","category-video","tag-encryption","tag-keyless-go","tag-reach","tag-security","tag-tesla","tag-theft","tag-wireless-tapping"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.netspark.de\/index.php?rest_route=\/wp\/v2\/posts\/8391","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.netspark.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.netspark.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.netspark.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.netspark.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8391"}],"version-history":[{"count":0,"href":"https:\/\/blog.netspark.de\/index.php?rest_route=\/wp\/v2\/posts\/8391\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.netspark.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8391"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.netspark.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8391"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.netspark.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8391"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}