Security flaws leave keyless Tesla cars vulnerable to theft

A team of researchers at COSIC, an imec research group at the University of Leuven, has uncovered serious security flaws in the Passive Keyless Entry and Start (PKES) system used by some luxury vehicles. The study shows that the key fob (the unlocking device) used by the Tesla Model S is using out-dated and inadequate cryptography. An adversary can abuse these flaws to clone a key fob in a matter of seconds, unlock the vehicle and drive off with it. Other manufacturers that may be affected include McLaren, Karma Automotive and Triumph Motorcycles as they are all using a PKES system developed by Pektron. High-end vehicles are often equipped with a Passive Keyless Entry and Start (PKES) system. These PKES systems allow the vehicle to be unlocked and started based on the physical proximity of a paired key fob: no user interaction is required. The researchers' goal was to evaluate the resistance of a modern day PKES system to different types of attacks.