International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Paper: My other car is your car: compromising the Tesla Model X keyless entry system

Authors:
Lennert Wouters , imec-COSIC, KU Leuven, Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, Belgium
Benedikt Gierlichs , imec-COSIC, KU Leuven, Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, Belgium
Bart Preneel , imec-COSIC, KU Leuven, Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, Belgium
Download:
DOI: 10.46586/tches.v2021.i4.149-172
URL: https://tches.iacr.org/index.php/TCHES/article/view/9063
Search ePrint
Search Google
Award: CHES 2021 Best Paper Award
Abstract: This paper documents a practical security evaluation of the Tesla Model X keyless entry system. In contrast to other works, the keyless entry system analysed in this paper employs secure symmetric-key and public-key cryptographic primitives implemented by a Common Criteria certified Secure Element. We document the internal workings of this system, covering the key fob, the body control module and the pairing protocol. Additionally, we detail our reverse engineering techniques and document several security issues. The identified issues in the key fob firmware update mechanism and the key fob pairing protocol allow us to bypass all of the cryptographic security measures put in place. To demonstrate the practical impact of our research we develop a fully remote Proof-of-Concept attack that allows to gain access to the vehicle’s interior in a matter of minutes and pair a modified key fob, allowing to drive off. Our attack is not a relay attack, as our new key fob allows us to start the car anytime anywhere. Finally, we provide an analysis of the update performed by Tesla to mitigate our findings. Our work highlights how the increased complexity and connectivity of vehicular systems can result in a larger and easier to exploit attack surface.
Video from TCHES 2021
BibTeX
@article{tches-2021-31314,
  title={My other car is your car: compromising the Tesla Model X keyless entry system},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={2021, Issue 4},
  pages={149-172},
  url={https://tches.iacr.org/index.php/TCHES/article/view/9063},
  doi={10.46586/tches.v2021.i4.149-172},
  author={Lennert Wouters and Benedikt Gierlichs and Bart Preneel},
  year=2021
}