Tesla's key fobs are still vulnerable to being cloned by ill-intentioned hackers, even though it is believed the company was already able to fix the issue when it was discovered back in 2018.
Last year, it was revealed that hackers could easily clone a Tesla Model S key fob using simple tools. A few seconds' works and a key fob is copied! The company quickly took action; however, by fixing the problem and making a new key fob.
Either Tesla worked too fast, or the hackers are too good because come this year, a Wired report claimed that new key fobs are also vulnerable to being cloned. The researchers who discovered the weakness last year were the ones who found this flaw once more this time. According to these experts from a Belgian university, cloning can be done a little longer than last year, but it still can be done nonetheless. Also, cloning these new key fobs need to be done at a closer range, which means the new key fobs are better than last year's but what is the use of this if they can still be cloned? They are not secure as they should be, and this brings the question to Tesla's abilities.
According to CNET, the problem with the old key fobs lie with how they were encrypted. The previous, easily-hacked key fobs were manufactured by Pektron, and only a 40-bit encryption protocol was used. It was determined last year how easily this protocol can be broken. To fix last year's issue, Tesla and Pektron upgraded the fobs to 80-bit encryption. Even though this is more challenging to break, the Belgian researchers of KU Leuven University showed that the update only called for hackers to break two 40-bit encryption keys instead of one. More challenging to hack? Yes. More secure? Certainly not.
The company, on its part, however, is a great responder to such issues. Tesla reacted in record's time and already rolled out a software update that can fix this issue. With the update, users can just re-flash their fob in their car in a few minutes. Tesla also enabled a feature called "PIN to Drive," enabling the car owner to set a pin code. This code needs to be punched in before the car can be used. Not only is this feature separate from the fob, and therefore, could not be affected by possible cloning, the owner also has to enable the feature first. Tesla at least, has seriously upped its game this time against possible hacking and thefts.
"While nothing can prevent against all vehicle thefts, Tesla has deployed several security enhancements, such as PIN to Drive, that makes them much less likely to occur," the Tesla statement reads.
