Jason Lackey
Solutions Marketing

Kudos to Tesla and the COSIC Group at KU Leuven

September 12, 2018 by Jason Lackey

Recently the Computer Security and Industrial Cryptography (COSIC) research group at KU Leuven, a research university in Belgium, did a neat trick. In seconds they cloned a key fob and used it to enter and drive away with a Tesla Model S.

The video shows the proof-of-concept attack in action with a Raspberry Pi 3 Model B+, Proxmark3, Yard Stick One and a USB battery pack.

KU Leuven COSIC Researchers Clone a Tesla Keyfob


To understand the attack, one must first understand how the car and key fob work together. In short, the car broadcasts an ID, shown as the wake signal in the diagram below. The key fob replies when in range, signaling that it is ready to receive a challenge. The car then sends a 40-bit challenge and waits for a 24-bit reply. Upon verification of that reply, the car unlocks and prepares to be driven.


Communications between Tesla and Keyfob
This is how the key fob talks to the Tesla


Getting the decryption part of the attack down to something doable in a reasonable timeframe took a couple of things. One was the nature of the DST40 cipher itself, which was cracked in 2005 by Bono et al., who used an FPGA cluster to exhaustively search for the 40-bit key.

Which brings us to the second factor: being able to do a TMTO (Time-Memory Trade-Off) attack, essentially using a pre-computed array to accelerate decryption, an approach which works well but can require very large tables/files. In this case, even with an old and outdated cipher, they still had 5.4TB of data. Get the full story straight from the source, Fast, Furious And Insecure: Passive Keyless Entry And Start In Modern Supercars.
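To make the trade-off concrete, here is an added example (not code from the original post or from the COSIC researchers) that precomputes a reply-indexed table for a short-key challenge-response scheme. The 16-bit key, 12-bit reply, the fixed challenge and the truncated HMAC-SHA256 standing in for DST40 are all assumptions chosen so that it runs in well under a second.

```python
import hashlib
import hmac
from collections import defaultdict

KEY_BITS = 16    # toy size so the table builds instantly; the fob's key is 40 bits
RESP_BITS = 12   # toy size; the fob's reply is 24 bits

def toy_response(key: int, challenge: bytes) -> int:
    """Stand-in keyed function (truncated HMAC-SHA256). This is NOT DST40."""
    mac = hmac.new(key.to_bytes(4, "big"), challenge, hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big") >> (32 - RESP_BITS)

def build_table(fixed_challenge: bytes) -> dict:
    """One-time precomputation: index every possible key by its reply
    to a single fixed challenge. Time and storage grow as 2**KEY_BITS."""
    table = defaultdict(list)
    for key in range(1 << KEY_BITS):
        table[toy_response(key, fixed_challenge)].append(key)
    return table

def candidates_per_reply(key_bits: int, resp_bits: int) -> int:
    """Average number of keys that share one reply to one challenge."""
    return 1 << (key_bits - resp_bits)

def recover(table: dict, fixed_reply: int, extra_pairs: list) -> list:
    """A table lookup replaces the exhaustive search; further
    (challenge, reply) pairs weed out keys that only matched by chance."""
    return [k for k in table.get(fixed_reply, [])
            if all(toy_response(k, c) == r for c, r in extra_pairs)]

if __name__ == "__main__":
    secret = 0xBEEF                      # constructed sample key
    fixed = bytes(5)                     # constructed 40-bit challenge
    other = b"\x01\x02\x03\x04\x05"      # constructed second challenge
    table = build_table(fixed)
    bucket = table[toy_response(secret, fixed)]
    found = recover(table, toy_response(secret, fixed),
                    [(other, toy_response(secret, other))])
    print(f"table entries:            {sum(map(len, table.values()))}")
    print(f"keys matching one reply:  {len(bucket)}")
    print(f"keys matching two pairs:  {[hex(k) for k in found]}")
    print(f"real sizes (40/24 bits):  {candidates_per_reply(40, 24)} keys per reply")
```

Every additional key bit doubles the table, so it is the key length, not how little is published about the cipher, that sets the cost of this precomputation.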

Here is where the kudos for Tesla come in. They have what appears to be a decent bug bounty program in place (and it is reported that they paid out to COSIC for this one). Their Bugcrowd site even specifies which systems are in scope (Tesla products that you own, their corporate website, etc.) and which systems are out of scope, including their IR site and Marketo instance.

I have always been a big fan of bug bounty programs, especially ones that are run in a legitimate way and which are responsive to security researchers and actually pay when they promise to pay.

Some of the takeaways from all this include that responsible disclosure works, and that both vendor and researcher communities that play nicely with others and follow the rules deserve commendation and support. These are the people who, on the operational end of things, help ensure that theoretical security translates into real security.

One lesson that seems to never really get learned once and for all is that security by obscurity is not a viable approach. While the automotive manufacturer ultimately needs to be responsible for the security of their products, suppliers of key components such as Pektron and their automotive security systems need to play an active role here as well.