Security flaws in Tesla and McLaren keyless entry found

by Lawrence Allan, Autocar UK 11 Sep 2018

A team of researchers at the University of Leuven, Belgium, have uncovered a serious security flaw in a keyless entry and start system used by brands such as Tesla and McLaren. 

The team at the Computer Security and Industrial Cryptography research group (COSIC) were able to attack and clone the key fob of two Tesla Model S cars in “a matter of seconds”, allowing an attacker to unlock and start the vehicle. 

The system, developed by software company Pektron, is said to be fitted to a number of high-end models. It’s easier to attack than other systems of this type, according to the research team, because attackers don’t need to be close to the car and key fob at the same time. The released video, below, shows how quickly the Model S can be accessed.

McLaren has confirmed that the research demonstrates a “theoretical vulnerability in our vehicle security systems”, but it has “not been proven to affect our vehicles, and we know of no McLaren that has been compromised in such a way”. Customers are being contacted by email to inform them of the issue, however, and are being sent a signal blocking pouch for the car’s key. 

Tesla previously released a ‘pin to drive’ security feature as a response to the findings, which the researchers recommend owners use alongside disabling the passive entry system.