Abstract

The security of immobiliser and Remote Keyless Entry systems has been extensively studied over many years. Passive Keyless Entry and Start systems, which are currently deployed in luxury vehicles, have not received much attention besides relay attacks. In this work we fully reverse engineer a Passive Keyless Entry and Start system and perform a thorough analysis of its security. Our research reveals several security weaknesses. Specifically, we document the use of an inadequate proprietary cipher using 40-bit keys, the lack of mutual authentication in the challenge-response protocol, no firmware readout protection features enabled and the absence of security partitioning. In order to validate our findings, we implement a full proof of concept attack allowing us to clone a Tesla Model S key fob in a matter of seconds with low cost commercial off the shelf equipment. Our findings most likely apply to other manufacturers of luxury vehicles including McLaren, Karma and Triumph motorcycles as they all use the same system developed by Pektron.

Highlights

  • The first Remote Keyless Entry (RKE) system for cars was introduced by Renault in 1982 [Smi16]

  • Vehicles are typically equipped with an RKE system and often include a Passive Keyless Entry (PKE) system

  • By doing so we identify multiple security issues in the PKES system designed by Pektron such as the use of an inadequate proprietary cipher, the lack of mutual authentication in the challenge-response protocol, no firmware readout protection features enabled and the absence of security partitioning


Summary

Introduction

The first Remote Keyless Entry (RKE) system for cars was introduced by Renault in 1982 [Smi16]. Back then, these systems used infrared instead of Radio Frequency (RF) transmissions. Vehicles are typically equipped with an RKE system and often include a Passive Keyless Entry (PKE) system. The former allows users to lock and unlock their vehicle by the press of a button on a key fob. We implement a Proof of Concept (PoC) attack allowing us to clone the key fob of high-end vehicles such as the Tesla Model S using Commercial Off The Shelf (COTS) equipment in seconds.

Related work
DST transponder exploration
Discovering undocumented SPI commands
Reverse engineering the Tesla Model S PKES system
Firmware analysis
Building a protocol analyzer
Protocol analysis
Passive Keyless Entry and Start
The remote keyless entry protocol
A car-only attack
Proof of Concept implementation
Key recovery
Practical results
Vendor notification
Short term mitigations
Conclusion
A Vendor responses