Tesla's Model S was found to have more key fob security blues, report says

A research team at a Belgian university found another vulnerability in Tesla's Pektron-sourced key fobs.

Kyle Hyatt Former news and features editor
Kyle Hyatt (he/him/his) hails originally from the Pacific Northwest, but has long called Los Angeles home. He's had a lifelong obsession with cars and motorcycles (both old and new).
Kyle Hyatt
2 min read
2019 Tesla Model S Long Range
Enlarge Image
2019 Tesla Model S Long Range

Tesla's Model S has a new vulnerabiltiy in its Pektron-sourced key fobs.

Tim Stevens/Roadshow

Remember way back in 2018 when it was discovered that hackers could clone a Tesla Model S key fob with some basic gear and a few seconds' time? It was pretty wild, but to its credit, reacted fairly quickly to fix the problem, and transitioned to a new key fob.

Well, guess what? It happened again, according to a Wired article published on Tuesday, and this time even those new key fobs are vulnerable. Researchers at a Belgian university -- the same ones that outed the original flaw -- announced their findings recently, and while the new method took a little longer and has to be done at a closer range, the new fobs were still not as secure as they were meant to be. Thankfully, Tesla again reacted quickly and has already rolled out its software update that will allow users to basically re-flash their fob in their car in just a couple of minutes.

So, just as a refresher, with the old key fobs, the problem lay with the way they were encrypted. The company that manufactured them, Pektron, only used a 40-bit encryption protocol, which was relatively easy to break. To fix the problem, Tesla and Pektron transitioned the fobs to 80-bit encryption, which should have been wildly more challenging to break.

That sounds great, but the vulnerability found by the Belgian researchers at KU Leuven University makes it so that instead of having to break the 80-bit encryption, they only had to break two 40-bit encryption keys. Is that better than the original fob's single 40-bit key? Yes. Is it good enough? No, but that's OK because Tesla also enabled a feature awhile ago called PIN to Drive, which allows a vehicle owner to set a PIN code that has to be entered before the car can be driven. This is separate from the fob, and not affected by the vulnerability, but the vehicle owner had to enable it.

"While nothing can prevent against all vehicle thefts, Tesla has deployed several security enhancements, such as PIN to Drive, that makes them much less likely to occur," said a Tesla representative in a statement. "Even though we are not aware of a single customer ever affected by the reported issue, and enabling PIN to Drive already prevents this from occurring, we've begun to release an over-the-air software update (part of 2019.32) that addresses this researcher's findings and allows certain Model S owners to update their key fobs inside their car in less than two minutes."

The good thing about the revelation of this vulnerability is, as Tesla said, that it doesn't require a change of hardware and that a software update for Model S owners is on the way. Model X and Model 3 owners aren't affected by all this because they don't use the Pektron fobs.

Tesla Model S Long Range takes us back to the future

See all photos
Watch this: Tesla Model S Long Range pulls further ahead of the EV pack

Update, 4:51 p.m.: Clarified language surrounding the current status of the vulnerability