Cutting edge vehicles’ key fob transponders using ciphers broken since 2005…
A team of cryptography and cybersecurity experts from a Belgian university say they have found a way to rapidly hack and clone the electronic key fobs used to start some of the most advanced vehicles on the market, including the Tesla Model S.
Some McLaren, Karma and Triumph Motorcycles models may also be affected by the vulnerability in the Passive Keyless Entry and Start (PKES) system, built by the UK’s Pektron, after reverse engineering of its transponder chips revealed – among other weaknesses – that they were still using the DST40 cipher, shown to be insecure in 2005.
The team from KU Leuven University blamed “the use of an inadequate proprietary cipher, the lack of mutual authentication in the challenge-response protocol, no ﬁrmware readout protection features enabled and the absence of security partitioning”.
Hack Confirmed by Tesla
The hack was confirmed by Tesla, which told Computer Business Review: “Based on the research presented by this group, we worked with our supplier to make our key fobs more secure by introducing more robust cryptography for Model S in June 2018. A corresponding software update for all Model S vehicles allows customers with cars built prior to June to switch to the new key fobs if they wish. In addition, we had already been working on several other over-the-air updates to help protect our customers.”
The research team, led by Lennert Wouters, a doctoral student at the university’s Computer Security and Industrial Cryptography (COSIC), said they had given all the companies potentially affected eight months to respond to the research.
Gulf in Difference to Vulnerability Submission
Wouters told Computer Business Review: “We quickly received a response from Tesla, they have some nice guidelines on how to report a vulnerability.”
He added: “It took us a very long time to get a reply from Karma and McLaren, we never managed to get a reply from anyone in Triumph or Pektron.”
In the absence of clear vulnerability submission guidelines, the COSIC research team was forced to try and identify the right people to contact at the companies via social media. They say all companies named here have had eight months to respond.
Come September we will disclose a security vulnerability* in supercars. Despite our best efforts, we were not yet able to inform some of the affected manufacturers. If you know someone in McLaren, Karma, or Triumph, could you please introduce us**? If not, would you mind RTing?
— Cryp·tomer (@TomerAshur) August 3, 2018
“These companies simply don’t have a proper contact point to report security vulnerabilities. We had to try and find suitable people using LinkedIn, it is likely that the contacts we managed to find simply didn’t know how to respond to such a report or whom inside their company to ask,” Wouters told us.
All those believed to be affected by the vulnerability have been contacted by Computer Business Review. Pektron, Karma and Triumph had not responded as we went to press.
McLaren told Computer Business Review: “While this potential method has not been proven to affect our car and is considered to be a low-risk, plus we have no knowledge of any McLaren vehicle being stolen by this or the previously reported ‘relay attack’ method, nevertheless we take the security of our vehicles and the concerns of our customers extremely seriously.”
The company added: “We have already begun to write to every owner of a new or pre-owned McLaren for whom we have contact information to alert them to the risk, reassure them that our in-house experts are working closely with suppliers and the industry to investigate further, and to offer them a signal blocking pouch at no cost.”
Tesla Hacked: Not Child’s Play…
The initial reverse engineering was hardly something a layman would be able to do, involving tracking down a public application note on how a microcontroller can interact with the fob’s Texas Instruments TMS37126 chip using SPI; connecting it to an Arduino Pro Mini to analyse; using an Olimex MSP430 JTAG debugger to read the microcontroller’s program memory, and analysing the firmware using Binary Ninja in combination with the MSP430 plugin.
Once through the initial analysis however, the team say they were then able to clone a target key fob in a “matter of seconds” using low cost equipment.
Lennert Wouters told Computer Business Review: “When we started this research we didn’t have access to a vehicle key fob so we started working with some of the transponder chips we purchased online.”
He added: “We started off by discovering publicly undocumented commands on this transponder. Once we had a list of valid commands and some rough idea of what they did we started working on the Tesla Model S key fob. We recovered the MSP430 firmware and reverse engineered it to learn which SPI command are being used in the real key fob. At this point we learned that the Tesla Model S key fob is using the DST40 command.”
He added: “Our evaluation revealed that this system (used in some of the most advanced cars on the market) relies on a 40-bit proprietary cipher to unlock and start the vehicle, and reuses the same 40-bit key for both functions. Therefore, there is no security partitioning in this system. In addition to being vulnerable to relay attacks, the protocol does not implement mutual-authentication enabling us to execute a chosen input attack”.
Tesla told Computer Business Review that it has taken steps to make its key fobs more secure by introducing the more robust DST-80 cryptography for the Model S in June 2018, and that customers with older Model S key fobs can contact Tesla’s service department to purchase the newer key fob if they wish to.
Hall of Fame
The company added: “We had already been working on several other over-the-air updates to help protect our customers from thefts – last year we introduced an update that allows all customers to turn off passive entry entirely, and this year we introduced PIN to Drive, which allows customers to set a unique PIN that needs to be entered before their vehicle is driven. We would like to thank this research team for participating in our bug bounty program, and look forward to recognizing them in our Hall of Fame.”
Wouters added: “We would like to emphasize that there is no good reason to use proprietary ciphers over well-scrutinized cryptographic primitives… Furthermore, the secrecy of datasheets only hinders adversaries, security researchers and professionals and does not provide real security. The fact that these datasheets are secret makes it more difﬁcult for any car manufacturer to conduct a thorough review of the system they purchased from a third party. One can only wonder which additional vulnerabilities could be revealed if these datasheets were ever leaked.”