Tesla Model S key fob system is vulnerable to spoofing attacks, Craig Smith, Rapid7’s research director of transportation security, commented below on this report. According to reports, researchers identified a flaw which would allow attackers to steal a Tesla simply by walking past the owner and cloning his/her key. The malicious actor would have to first identify the car’s radio ID, then relay that broadcast to a victim’s key fob and listen for the response, typically from within three feet of it. If they can carry out that back-and-forth twice, the attacker can work back to the secret key powering the fob’s responses, letting them unlock the car and start the engine.
Craig explains that the attack scenario itself isn’t overly surprising, but the way in which Tesla patched the vulnerability remotely and its response to the issue is worth noting.
Craig Smith, Research Director of Transportation Security at Rapid7:
“What’s most interesting about this potential attack scenario is not the vulnerability itself, but more that Tesla was able to fix it remotely. Key fob attacks have happened in the past, but usually key fobs are not updatable, meaning they can never be fixed. This is the first time I’ve seen a key fob vulnerability being fixed remotely without a recall and is a sign that the automotive industry is transitioning into a much better position from a cybersecurity standpoint.
In this case, we have very strong academic researchers who discovered a complex issue and brought it to the manufacturer. The company identified the problem and pushed a fix to all Tesla customers, which is exactly the way we want to see security happen.”