back to article 2-bit punks' weak 40-bit crypto didn't help Tesla keyless fobs one bit

Boffins have sprung the bonnet on the weak crypto used in the keyless entry system in Tesla's Model S car. Researchers from the Computer Security and Industrial Cryptography (COSIC) group – part of the Department of Electrical Engineering at Belgian university KU Leuven – were able to clone a key fob, open the doors, and drive …

  1. Tinslave_the_Barelegged Silver badge

    Problem-solution dichotomy

    This seems one of those things that can be rather annoying. What is so wrong with physical keys that a techgasm of adding layers of technology solves, but results in such poor implementations? I know that sounds merely Luddite, but really, surely by now we can at least look at things more empirically rather than tumble headlong along a path we have kidded ourselves is called "progress"?

    </HUMBUG>

    1. Dave 126 Silver badge

      Re: Problem-solution dichotomy

      Number of times a car has been stolen * huge inconvenience of such. Versus:

      Number of times a stressed parent holding has used keyless fob to lock vehicle after their brood has exited the vehicle * convenience of such.

      Weighing of pros and cons requires numbers.

      1. DavCrav Silver badge

        Re: Problem-solution dichotomy

        "Number of times a car has been stolen * huge inconvenience of such. Versus:

        Number of times a stressed parent holding has used keyless fob to lock vehicle after their brood has exited the vehicle * convenience of such.

        Weighing of pros and cons requires numbers."

        In the McLaren's case, I doubt there's all that much room for a brood.

        1. Anonymous Coward
          Anonymous Coward

          Re: Problem-solution dichotomy

          "In the McLaren's case, I doubt there's all that much room for a brood"

          Or indeed a breed !

        2. Oneman2Many

          Re: Problem-solution dichotomy

          As already mentioned, physical keys aren't much better.

          And no manufacture wants to be one not to offer keyless entry. Its pretty much an expected given for even entry level cars these days.

      2. vtcodger Silver badge

        Re: Problem-solution dichotomy

        There's a difference between keyless entry and keyless ignition. Hacking keyless entry allows one to steal stuff. Groceries, your laundry, the radio. Hacking keyless ignition allows one to drive off with the vehicle. (Although I'm a bit hazy on why one would want to drive off with a Tesla. What, exactly, does one plan to do with it?).

        Also, many vehicles that allow keyless entry have mechanical locks that can be used when the keyfob fails. That's more useful than one might think as keyfobs tend to fail when the battery gets tired. Because of the nature of batteries, that's likely to be when it's cold out. At night. In Winter.

        1. Prst. V.Jeltz Silver badge

          Re: Problem-solution dichotomy

          "Traditional keys" , are not just keys , the newer ones have all the encryption and immobilising built in along with the key.

        2. Robert Helpmann?? Silver badge
          Childcatcher

          Re: Problem-solution dichotomy

          I'm a bit hazy on why one would want to drive off with a Tesla. What, exactly, does one plan to do with it?

          Sell it for parts, especially the battery. Given the speed at which Tesla doesn't provide service or replacement parts, the various bits you can pull out of a functioning car are going to be worth more than the car itself and have a lot lower chance of getting potential thieves caught.

          1. Orv Silver badge

            Re: Problem-solution dichotomy

            Sell it for parts, especially the battery.

            And this is probably one of the reasons McLaren is not concerned. McLaren made 3,340 cars last year. You just can't unload something that rare and flashy, whole or as parts, without attracting attention. And no owner of a legit car is going to buy hot parts of unknown provenance, because installing them would tank the value of their own car.

        3. Andy The Hat Silver badge

          Re: Problem-solution dichotomy

          My friend's car had keyless entry and keyless ignition. She dropped her keys as she got into the car, did a 30 mile journey and a day's work then had to call the supplier for recovery as she didn't have a key with her and they couldn't get into it without significant work ...

          Out of interest, do keyless ignition systems have any form of automatic steering lock or are they 'so incredibly secure' that it's no longer required?

          1. MrXavia

            Re: Problem-solution dichotomy

            "She dropped her keys as she got into the car"

            How did the car start if the key was outside the car?

            I have no idea how, but my car detects if the key is inside the car or not, if any key is inside, the car will not lock, if you try to drive off and the key is not in the car after starting it, my car alerts you to the fact your key is not in the car...

            So implementation matters.

            1. Andy The Hat Silver badge

              Re: Problem-solution dichotomy

              ""She dropped her keys as she got into the car"

              How did the car start if the key was outside the car?"

              I believe it was a BMW and the fob was still laying on her drive when she got home. The signal sensor was too strong so the system still allowed button start but, and crucially, it did not re-check for the presence of the fob unless a restart was required. Many vehicles will have warning indicators if the fob is out of range - this didn't. It also meant that she incorrectly assumed the vehicle automatically locked when she parked it and walked away ...

              Whether that was a correct implementation of the ignition system and whether a software update was rolled out as a result I'm not sure but I know the story was escalated through the dealer.

              1. Glenturret Single Malt

                Re: Problem-solution dichotomy

                "the fob was still laying on her drive"

                No problem then. There would soon be lots of little foblets hatching out which would grow up into full grown replacement fobs.

          2. dbakes

            Re: Problem-solution dichotomy

            One of our cars that has keyless ignition does indeed have an automatic steering lock that engages when you exit the vehicle. It disengages automatically when pressing the start button.

          3. Wincerind

            Re: Problem-solution dichotomy

            Interesting. I'd always assumed these keyless ignitions would cut out once the key was out of range.

            1. Orv Silver badge

              Re: Problem-solution dichotomy

              Interesting. I'd always assumed these keyless ignitions would cut out once the key was out of range.

              Too dangerous. Imagine the consequences of a key fob battery deciding to give up the ghost while someone is passing on a two-lane road, or driving 75 mph with a semi tailgating them.

              The usual system is that once you're in gear, the car will keep running until you park it. Once it's off, it won't start again without the fob.

          4. grumpy-old-person

            Re: Problem-solution dichotomy

            I did not use my 2001 Mercedes Benz E200K for around 6 months because BOTH keys stopped functioning, and I refused to be ripped off by an official dealer.

            The short story is that the "key" seems to use infrared communication with the car once inserted into the socket on the dashboard - years of use eventually left a hole in the plastic shell (both keys) through which dust and other rubbish entered and obstructed the lens at the tip of the key.

            Problem resolved by cleaning the inside of the lens with a small brush, at no cost.

            Used my bicycle while the car could not be started - lots of exercise and quite a saving on fuel costs!

        4. MacroRodent Silver badge
          Unhappy

          Re: Problem-solution dichotomy

          That's more useful than one might think as keyfobs tend to fail when the battery gets tired

          The quality of the buttons in the keyfobs also seems to be low. I have had two failed ones, turning them into plain old physical keys. Not bothered to replace. At this point, a new keyfob apparenly would cost about the same as the resale value of the old car...

          1. Charles 9 Silver badge

            Re: Problem-solution dichotomy

            "The quality of the buttons in the keyfobs also seems to be low. I have had two failed ones, turning them into plain old physical keys. Not bothered to replace. At this point, a new keyfob apparenly would cost about the same as the resale value of the old car..."

            I haven't had my fob fail so much as get dirty. But because the CR2032 batteries in them have to be replaced periodically (you usually get advance warning of this as the fob gets increasingly finicky), they can be opened and self-serviced. Every so often, I open them up, brush off the debris, and treat the contact pads and surfaces with 91% isopropanol. The most I've done since then has been to obtain a replacement casing which was thankfully inexpensive.

        5. MachDiamond Silver badge

          Re: Problem-solution dichotomy

          "(Although I'm a bit hazy on why one would want to drive off with a Tesla. What, exactly, does one plan to do with it?).

          $1,200 headlights

          $1,000 door handle

          $7.000 motor assembly (x2 in an AWD)

          $3,000 infotainment module

          And a huge lead time if you try to order parts from the factory. Skipping anything that might have a serial number of some fashion that would point to the car being stolen, the rest of the parts are worth a shed load of cash.

      3. phuzz Silver badge

        Re: Problem-solution dichotomy

        Weighing of pros and cons requires numbers.

        I love that you have exactly equal numbers of up and down-votes for this (eight each at present).

        FWIW I have remote unlock button for my car, but I never used it until some little scrote destroyed the physical lock on my drivers door, attempting to break in. Since then I use it some of the time.

      4. Anonymous Coward
        Anonymous Coward

        Re: Problem-solution dichotomy

        "Number of times a stressed parent holding has used keyless fob to lock vehicle after their brood has exited the vehicle * convenience of such."

        Maybe if the stressed parent is too stupid to use either of the two switches on the driver side door to lock all the doors, they shouldn't be reproducing.

      5. Anonymous Coward
        Anonymous Coward

        Re: Problem-solution dichotomy

        The measure of inconvenience very much depends on local weather conditions.

        (there's an ad for that)

    2. m0rt Silver badge

      Re: Problem-solution dichotomy

      Something I have been mulling over for a long time. I like technology. I don't like what we class as progress right now.

      The throw away society rhetoric has produced a system that just keeps replacing. Quality is missing in a lot of things.

      Remote keys, however, are a handy thing. It is possible to design a remote key that works in a secure way. But there is no caring about what is produced. I mean jeez - Penetration testing *should* be a standard.

      Using technology for its own sake is not necessarily a better scenario in lots of cases.

    3. Lee D Silver badge

      Re: Problem-solution dichotomy

      It gets me that the VERY NEXT ACTION you take is to touch the door.

      So... if you've already got to touch the door... why do you need this stuff to be remote?

      And entry should be a very different matter to starting the engine. I don't consider my car "safe" to put valuables in, but I do expect that they can't just drive it away.

      1. Chloe Cresswell

        Re: Problem-solution dichotomy

        After having my keyless mondeo stolen in <25 seconds in August, getting into a keyless car for me now is:

        Unlock car.

        Open door.

        Unlock disklok and remove from steering wheel...

        So much time saved! :(

        1. Tomato Krill

          Re: Problem-solution dichotomy

          Can I ask how it was stolen?

      2. ChrisC

        Re: Problem-solution dichotomy

        "It gets me that the VERY NEXT ACTION you take is to touch the door."

        Is it?

        1. remotely unlock car

        2. lock front door of house

        3. walk down driveway to car that the wife and kids are now already in

        4. open drivers door of car

        In this all too common scenario I count two distinct and non-trivial actions requiring a non-insignificant length of time to complete between unlocking the car and touching the car. Now sure, we could just remember to give the car keys to the wife, or we could let them deal with locking the front door, either of which would then allow the "very next action" scenario you're thinking about to occur, but back in the real world this is the routine that for one reason or another we've fallen into, and it works for us. It wouldn't surprise me in the slightest if other people have similar scenarios where being able to remotely unlock their car is a genuinely useful feature for them too.

        In a similar vein, being able to remotely release the boot lid is a godsend when returning to the car with hand/armfuls of shopping, suitcases etc, which would make it impossible for you to use a physical key or bootlid release button on the boot itself without first putting stuff down.

        1. FatGerman

          Re: Problem-solution dichotomy

          "being able to remotely release the boot lid is a godsend when returning to the car with hand/armfuls of shopping, suitcases etc, which would make it impossible for you to use a physical key or bootlid release button on the boot itself without first putting stuff down."

          Oh! The humanity! I have to put this stuff down! I really don't have 15 seconds spare in my day to do this!

          1. Charles 9 Silver badge

            Re: Problem-solution dichotomy

            "Oh! The humanity! I have to put this stuff down! I really don't have 15 seconds spare in my day to do this!"

            NO, because there are many reasons why you don't want to put that stuff even for five seconds, one of the most common being bad weather. Do you really want to put your bags on the wet ground (because it's raining pretty hard and your car's outdoors--and I don't trust even plastic bags to be watertight)? Or how about on a slope because you're parked on a hill (Ask someone say in San Francisco), where the mere act of putting them down runs the risk of things escaping downhill? Or maybe it's the wife busy with an infant and other kids?

          2. jeffdyer

            Re: Problem-solution dichotomy

            If it's pouring with rain, the last thing you want to do is put your shoppping down on the wet floor etc.

            1. Lee D Silver badge

              Re: Problem-solution dichotomy

              Have you people not heard of trolleys?

              1. Charles 9 Silver badge

                Re: Problem-solution dichotomy

                "Have you people not heard of trolleys?"

                Have you people not heard of wheel-locks? Many times the trolleys aren't allowed outside of the store for fear of getting stolen.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Problem-solution dichotomy

                  @Charles 9

                  You have a car; so, shop in a better neighbourhood. ;)

                  1. Charles 9 Silver badge

                    Re: Problem-solution dichotomy

                    Gas ain't cheap, plus ALL the neighborhoods are the same, so it doesn't matter which I pick, if I'm carrying grocery bags in the rain, I DO NOT want to set them down unless they're IN the car. Being able to open the trunk in these conditions can make a real difference.

            2. ibmalone Silver badge

              Re: Problem-solution dichotomy

              If it's pouring with rain, the last thing you want to do is put your shoppping down on the wet floor etc.

              Well, if it's the floor chances are you're inside and it's dry! (Sorry, the frequency of the floor/ground confusion has been bugging me recently. Think it might be linked to people spending more time inside...)

          3. Voyna i Mor Silver badge

            Re: Problem-solution dichotomy

            "Oh! The humanity! I have to put this stuff down! I really don't have 15 seconds spare in my day to do this!"

            The upper classes have never had to do this because they had slaves workers to do it for them.

            The amount of energy and material used to give us convenience functions is far less than was required in the past to maintain that army of workers. And that army itself was frequently a bit criminal, so we aren't really losing that much security. For every Jeeves, doubtless an Unjust Steward.

            So... why shouldn't we have stuff? So long as society as a whole is treating people decently, and things are sustainable, I really don't care.

            1. Alistair Silver badge

              Re: Problem-solution dichotomy

              @Voyna:

              You keep saying these things that make me want to meet you .......

              "So... why shouldn't we have stuff? So long as society as a whole is treating people decently, and things are sustainable, I really don't care."

              And sometimes I think you're layering stuff in there that means far more than the words on the page.

              1. quxinot

                Re: Problem-solution dichotomy

                I was immediately transported to listening to George Carlin rant about people and their 'stuff'....

                (Worth looking up on youtube etc if you haven't heard it.)

          4. MachDiamond Silver badge

            Re: Problem-solution dichotomy

            "returning to the car with hand/armfuls of shopping"

            If I have a load of shopping, it's usually in a trolly. Otherwise it's in my insulated shopping bag which I can hold by the straps in one hand while I fish the keys out of my pocket and unlock the boot/door with the other. No itch.

        2. jcitron

          Re: Problem-solution dichotomy

          Remotely unlocking?

          Sure when it's pouring rain beyond cats and dogs and you need to make that beeline for the driver's seat. I had an older-style car that needed to be unlocked manually, and more than once spent time fiddling with the keys as I tried to get in. I admit that I'm not the most coordinated soul, but still the convenience of just opening the door saves time.

          The other situation is when you've got a ton of shit to put in the boot. I open my Jeep and pop the back hatch from my kitchen window, take the crap I need to carry with me and all I need to do is put it in and close. This works especially well when it's pouring or snowing miserably.

          Keyless entry, well I see that as a mistake ready to happen and has already happened. My cousin left her fob at home, made it to work and couldn't leave so much for that grand idea. Another time she started her car and gave the fob to her husband who drove off to work in another direction. Unless the thing is attached to other keys, I can see this as an ongoing problem.

      3. John Miles

        Re: entry should be a very different matter to starting the engine

        If you can get in car, likely you can access the ODB port - back in 2012 you could program BMW keyless ignition cars to accept a new key from ODB port and at that point it could be driven away - and due to various other weaknesses in BMW security a lot were just driven away. I don't know what they have changed but gaining access to the internals of car allows you to access systems where if security has been thought of it is an afterthought.

      4. cray74

        Re: Problem-solution dichotomy

        It gets me that the VERY NEXT ACTION you take is to touch the door.

        That's what I do, and all I have to do: touch the door with the keys in my pocket. When I'm juggling groceries or kids I only have to hook a finger under one of the front door handles. The key fob talks to the car remotely and the door unlocks.

        Other remote functions are handy. When my hands are a bit more free and I'm more distant from the car - like at the edge of my employer's baking, low latitude parking lot - I can remote start the car and get the air conditioning working while I cross hectares of simmering asphalt.

    4. jmch Silver badge

      Re: Problem-solution dichotomy

      "What is so wrong with physical keys that... "

      Nothing wrong with physical keys per se, it's just that they are not so secure themselves. Car thieves have no problem opening up traditional-key cars. The key will stop opportunistic snatching and druggies looking for a fix but not professional car thieves. The thing is, professional car thieves are not interested in older models or low-end cars because even for criminals, margin and ROI are important. Since high-end models and newer cars all have keyless entry, cars without aren't stolen very much. But that's because they're not so desirable to thieves, not because they're more secure.

      There's lots of hype around keyless systems or connected cars getting pawned, and rightly so. Manufacturers should be held to account on that and make their systems more robust (kudos to Tesla for the quick fix). But going back to keys will not make cars more secure.

      1. Anonymous Coward
        Anonymous Coward

        Re: Problem-solution dichotomy

        Nothing wrong with physical keys per se, it's just that they are not so secure themselves. Car thieves have no problem opening up traditional-key cars. The key will stop opportunistic snatching and druggies looking for a fix but not professional car thieves.

        ----------------------------------------------------

        On the contrary, theft/insurance figures show much higher rates of theft for vehicles with *KEYS BUT NO RFID CHIP* compared to cars with keys using an RFID sensing ignition.

        It seems to me that a 'two factor' key with a physical key and RFID is likely superior to either non-RFID physical keys or keyless fobs.

        1. Orv Silver badge

          Re: Problem-solution dichotomy

          It seems to me that a 'two factor' key with a physical key and RFID is likely superior to either non-RFID physical keys or keyless fobs.

          No doubt. My car has all three systems. It can be opened with a manual button press, or with a flip-out key. To start, it must sense the fob inside the car (outside won't cut it), and if the battery is dead you put the key in a hidden slot and the RFID chip is read. This is also how you pair new remotes. It seems like a reasonably well thought out, if somewhat over-complex, system.

    5. Anonymous Coward
      Anonymous Coward

      Re: Problem-solution dichotomy

      What is so wrong with physical keys that a techgasm of adding layers of technology solves, but results in such poor implementations?

      Whilst sympathising with your complaint, it is worth noting that the security of physical keys is not always what it might be, particularly on cheaper cars or as mechanisms wear. Not to mention that a simple physical attack was for many years all that was needed to bypass the entry and ignition locks.

      As I recall, the motor and insurance industries refused to do anything about the 1980's car theft epidemics until forced by government, and looking at the vulnerability of a whole range of (usually premium) cars, I suspect we'll be reliant upon government action to get this weak crypto issue fixed rather than makers taking responsibility.

      1. Flywheel Silver badge

        Re: Problem-solution dichotomy

        "we'll be reliant upon government action to get this weak crypto issue fixed rather than makers taking responsibility"

        Well, that'll mean adding a GCHQ-approved crypto backdoor - and think of the children!

      2. Orv Silver badge

        Re: Problem-solution dichotomy

        Whilst sympathising with your complaint, it is worth noting that the security of physical keys is not always what it might be, particularly on cheaper cars or as mechanisms wear.

        Certain 1990s Saturns were famous for being able to be started with keys from other Saturns, or in some cases, post office box keys. The locks became very indiscriminate after they wore out, and they wore out fast. Various hilarious media stories about people driving home in the wrong car ensued.

        1. jcitron

          Re: Problem-solution dichotomy

          My old Toyota Celica remote lock FOB could unlock Saturns across the parking lot. It was funny seeing other cars blink simultaneously when mine did. The first time it occurred I thought it was one of those weird timing things when a bunch of things happen at the same time. Then another time I was at the market and parked next to a Saturn. When I opened my old Celica, the Saturn unlocked too.

          Oops!

    6. Pen-y-gors Silver badge

      Re: Problem-solution dichotomy

      It gets me that the VERY NEXT ACTION you take is to touch the door.

      That bugs me too. What I want is to be able to press a button (or, ideally, think a special phrase) and the vehicle door opens, a long arm extends to where I am, gently cradles me in it, and draws me back into the vehicle, which starts to play my preferred music, delivers me a nice glass of plonk and some nibbles, and autonomously drives off to my destination (which it read in my mind). Now THAT would be a good use of technology.

    7. NoneSuch
      Thumb Down

      Re: Problem-solution dichotomy

      The German WW2 Enigma codes were 88 bit and were broken in a shed with machine based technology. Eighty years later, Tesla locks your car with 40 bit encryption.

      (Best Doctor Evil voice) Riiiiiiight...

      1. EveryTime Silver badge

        Re: Problem-solution dichotomy

        > "The German WW2 Enigma codes were 88 bit and were broken in a shed with machine based technology. Eighty years later, Tesla locks your car with 40 bit encryption."

        The Germans didn't understand the operational risks -- the vulnerability created by how they consistently formatted their messages.

        40 bit keys are perfectly fine in active keyless remotes, where you press a button to activate (and reveal a single message / information). 40 bit keys are a vulnerability in passive keyless remotes, where it's possible to rapidly and secretly extract information. Once again it's rarely the cryptography, it's how it's put into operational use.

      2. Saruman the White

        Re: Problem-solution dichotomy

        Enigma was broken because there were inherent weaknesses in the system (e.g. a letter would never encode to itself) and the way that the operators used it (retransmitting the same message with different keys) that gave the brainacs at Station X a lever allowing them to crack open the whole system.

        It also helped that the Allies captured some Engima machines and the rotors, meaning that all they had to do has break the code settings.

    8. Time Waster

      Re: Problem-solution dichotomy

      I’m with you on avoiding excessive and often unnecessary technology. Keyless entry being a case in point. How hard is it to press a button on a remote to lock / unlock your vehicle, a remote virtually all “keyless” systems still require. Such buttons have the rather handy features of knowing whether you’ve actually locked your car, and rather neatly preventing relay attacks from your hallway / coat pocket. However, going back to physical keys is a step too far even for me. Car thefts have decreased rather dramatically since the 90’s (last I looked, they were down over 80% in the UK) and I can’t help but suspect this may be related to swapping old-school key barrels (which are all too easily old-school hot-wired) for more electronically integrated remote systems. Whilst I’m sure there are some professional car thieves taking advantage of such holes in current technology, I’m pretty sure there are far more teenage oiks with a brick and a pair of pliers looking for some quick thrills.

  2. Dave 126 Silver badge

    Cool, we can get a free ride in a Maclaren then! (Likely followed by a free ride in a Ford Focus with a fluorescent checker pattern on the side).

    I saw a Maclaren the other day but my van, despite being white, couldn't keep up so I couldn't follow him to wherever he parked it.

    Aston Martins and Teslas are common round here, Maclarens rarer than the very occasional Ferrari or Morgan.

    1. Anonymous Coward
      Anonymous Coward

      Err, Dave126...

      If you want to ride in a Maclaren, then that's your business, but you might want to do it in private. They make prams.

      Mclaren is the car-maker.

      1. Dave 126 Silver badge

        Re: Err, Dave126...

        Oops! Oh well, at least even my van can keep up with a push chair. Unless it's a particularly steep hill.

        1. TRT Silver badge

          Re: Err, Dave126...

          Both, however, feature an annoying rattle.

  3. Pink Duck

    I've been feeling a lot less anxious since enabling their PIN to Drive feature for 2FA overnight and in the office, as then even if keys/phone are swiped there's no silently driving off never to be seen again.

    1. SJA

      Even if your Tesla get stolen, it has a high probability to be returned to you. I read 113 out of 115 Teslas stolen in the US were returned.

      1. JohnG Silver badge

        "Even if your Tesla get stolen, it has a high probability to be returned to you. I read 113 out of 115 Teslas stolen in the US were returned."

        The situation has been a bit different in Europe: There was a spike in Tesla thefts in summer 2017, with cars disconnected from tracking and mothership.tesla.com at about the same time they were stolen... and they were not subsequently recovered. In the same year, a Lithuanian man was arrested in Germany, when the lorry he was driving was found to contain major parts from a Tesla stolen in the Netherlands four days before.

        1. Anonymous Coward
          Anonymous Coward

          nicking a Tesla

          If you don't put the thing into a shipping container within a few minutes of nicking it then you are asking for trouble. They are the ultimate 'always connected' vehicle. AFAIK, they phone home every few hours even when parked. They are also totally trackable unless you understand how to disable it (not easy).

          Hopefully, my Model 3 won't suffer from this problem when it arrives in 2019 or that might be 2020. who knows eh?

          1. Killfalcon Silver badge

            Re: nicking a Tesla

            "If you don't put the thing into a shipping container within a few minutes of nicking it then you are asking for trouble. "

            Nice to know that Grand Theft Auto games got something true to life!

  4. Andytug

    Car makers implementation seems to differ - My Renault has a "two stage" system, if you lock it with the remote button it can only be unlocked by using the other button on the remote, however if you turn off the engine and just walk away the car locks and beeps, in that state if you are within 6-8 feet of the car with the remote anyone can open the door (and presumably also start it). If other cars are set up to allow permanent keyless access then that's a big security hole - or is it that drivers like the convenience of keyless all the time and are therefore leaving their cars open to attack, instead of locking them "properly"?

    I always lock the car with the remote unless I know for certain I'm coming back to it in a minute or two, it's parked right next to the house.

    1. jmch Silver badge

      "if you are within 6-8 feet of the car with the remote anyone can open the door (and presumably also start it)."

      My Nissan (which presumably shares a lot of technology with Renault) can detect pretty accurately when the key fob is in the car vs out of the car. It's not possible to start the car with the key out of the car, or in a bag in the boot. Anywhere else inside the passenger compartment works fine.

      1. Andytug

        Would think you're right (Renault owns Nissan) as the car bleeps like crazy if you step out of the car with the engine running and the fob in your pocket....

        1. Orv Silver badge

          Ditto on my Volt. I actually messed with it one day to see if I could trick it into letting me lock the keys inside; normally it will beep and unlock all four doors if I try. Eventually I succeeded by locking each door manually. (My plan if that didn't work was to try leaving the windows down a crack and chucking the keyfob in through there. Yes, I do debugging, why do you ask?)

      2. werdsmith Silver badge

        It's not possible to start the car with the key out of the car, or in a bag in the boot. Anywhere else inside the passenger compartment works fine.

        This is my experience with Nissan and the other cars too. And if you try and lock the car using the touch sensor with the key inside it will squeal like a pig. Yet if the fob is 1CM from the outside of the door it all works fine.

  5. Moog42

    Convenience (my hands are full when I need to lock the car) vs inconvenience (I have to remember to put my keys in a metal biscuit tin every night to prevent some git from driving it off) - still feels like a half-baked biscuit solution tbh.

    1. Dave 126 Silver badge

      Indeed. I know one family member who has never had a car stolen, but she has lost property when she's placed it on top of the car whilst unlocking it and then driven off with items still on the roof.

      Pros and cons again.

      I'm envious of the cars that detect that you have the key, and will open part of the tailgate if you wave your foot underneath - hands-free access to the vehicle for dumping whatever you're carrying.

    2. Andy The Hat Silver badge

      "a half-baked biscuit solution"

      Fewer soggy bottoms please :-)

  6. 89724102172714182892114I7551670349743096734346773478647892349863592355648544996312855148587659264921

    Specially trained, genetically engineered, lock inhabiting, human skin oil consuming miniscule demons are the way forward.

    1. Martin Summers Silver badge

      Well I hear they work well in cameras so good idea.

  7. Gordon 10 Silver badge

    Would have been nice to target the right manufacturers El Reg

    Calling out Tesla in the headline who fixed it versus everyone else who didn't in a minor footnote at the end isnt really a nice way of biasing the story.

    It almost seems as if you were using the Tesla name as headline clickbait, and if so bad McLaren, good Tesla would have worked just as well.

    Not a Tesla fanboi - just irritated that the article focus is on the guys that responded correctly and not in a particularly positive way. Still it is El Reg I suppose. Tesla should consider their hands well and truly 'bit'

    1. JohnG Silver badge

      Re: Would have been nice to target the right manufacturers El Reg

      Yes - in particular, Pektron should be asked to explain their design choices.

    2. Detective Emil

      Re: Would have been nice to target the right manufacturers El Reg

      Nope. Fair game. Tesla, which claims to be being "disruptive" by running an auto company like a tech company, should have known better than to use a 40-bit key in the first place.

      1. JohnG Silver badge

        Re: Would have been nice to target the right manufacturers El Reg

        "Nope. Fair game. Tesla, which claims to be being "disruptive" by running an auto company like a tech company, should have known better than to use a 40-bit key in the first place."

        Tesla didn't use a 40 bit cipher, Pektron did. Tesla bought a keyless entry system from Pektron but Pektron had used a 40 bit cipher (which is why the same problem is thought to exist on other cars using keyless entry systems from Pektron). In retrospect, perhaps Tesla should have checked what they were buying more carefully.

        1. Voyna i Mor Silver badge

          Re: Would have been nice to target the right manufacturers El Reg

          "In retrospect, perhaps Tesla should have checked what they were buying more carefully."

          Yes.

          An interesting fact based on my own experience is that companies buying your product who do thorough security evaluation are far less likely to give you grief further on, so it works both ways.

          Perhaps car makers have to learn this lesson because Tesla is far from the worst (remember the Rover, I think it was, with a handy socket in the wheel arch that allowed you to bypass the remote entry system?).

        2. cream wobbly

          Re: Would have been nice to target the right manufacturers El Reg

          perhaps Tesla should have checked what they were buying more carefully.

          praps, aye. "disruptive" and all that, see above

  8. DropBear Silver badge

    You don't say...

    "our ability to update software over the air to improve functionality and security is unique"

    ...and thank $deity for that. When I will want a car that is technically different each time I start it up, I'll be sure to let you know. Just don't hold your breath. Yes, even if the alternative turns out to contain innumerable permanent niggling issues. I'll either fix them myself using the after-market parts designed to do exactly that or learn to mitigate their effects - at least none of them will be in software, seeing as how my car contains none outside its ECU, ABS and airbag controllers which I'm going to just go ahead and presume reliable enough for all practical purposes as-is.

    Hugs and kisses, and kindly get off my lawn, preferably before I reach for the water-napalm switch-over valve on my sprinkler controller.

    - Someone with great appreciation for predictability and invariance and a very low opinion of modern product life-cycles and design practices, especially in software

    1. Waseem Alkurdi Silver badge

      Re: You don't say...

      I'll either fix them myself using the after-market parts designed to do exactly that or learn to mitigate their effects

      That's for me and you - Reg readership.

      Average Joe and Joanne don't really want to bother with hacking a car apart. They want a car that runs reliably, and it's a nice bonus that bugs can be fixed remotely.

      The problem is that the Tesla's functionality isn't stable for Average Jo{e,anne} yet, but that should improve with time (and there should be an option like Debian's Stable branch, but for the MCU. No new features, just bugfixes).

      1. Orv Silver badge

        Re: You don't say...

        What worries me is the opportunity for DRM-like mischief. If they ever decide, for example, that they don't want people selling used Teslas instead of trading them in, they can just brick them when the new owner registers.

  9. JohnG Silver badge

    Pektron

    Whilst Tesla seems to be getting all the flak, their major failing seems to be not checking what was being supplied by the OEM, Pektron - here in the UK. What does Pektron have to say about this fiasco?

    1. Rob D.

      Re: Pektron

      In theory Pektron should be able to respond, "The product is operating exactly as specified when you decided to embed a [cheap] OEM component in your offering".

      But it is interesting to see how Pektron describe their product range. https://www.pektron.com/services/key-fobs/.

    2. Anonymous Coward
      Anonymous Coward

      Re: Pektron

      I actually had an interview at Pektron - it went downhill when I argued that static variables in C are automatically initialized to zero. The manager was adamant otherwise...

      1. Anonymous Coward
        Anonymous Coward

        Re: Pektron

        It's just shitty software engineering practice to rely on features that were added in C99

    3. Brangdon

      Re: Pektron

      40-bit cryptography was also the standard for PDFs. I think it dates back to when anything stronger was banned for export as a munition by the US government. That was ages ago - PDF is long updated - but it's where it probably comes from.

  10. Anonymous Coward
    Anonymous Coward

    Keyless car wash

    I must remember not to have the keys in my pocket when washing the car else each time I get too close to a front door handle the doors keep locking/unlocking and the mirrors folding/unfolding.

    But then I must make sure the wind doesn't blow the house door shut and I don't have a key to get in!

    1. TRT Silver badge

      Re: Keyless car wash

      Could be painful if you are leaning over the top of the A-frame at the time and don't notice the folding mirror pressed into your crotch.

  11. MiguelC Silver badge

    McLaren, Triumph and Tesla

    Should all have blamed bad Karma :)

  12. DavCrav Silver badge

    "Tesla added it plans to add the security researchers to its Hall of Fame."

    Is that a euphemism for "call them paedophiles on Twitter"?

  13. Anonymous Coward
    Anonymous Coward

    How many of these helpful researchers were branded Pedos by Elon Musk?

    Just asking, since he has form for this behaviour...

    1. Anonymous Coward
      Anonymous Coward

      Re: How many of these helpful researchers were branded Pedos by Elon Musk?

      How many of these helpful researchers had already said that Elon Musk didn't know what he was doing , that he could stick it where the sun doesn't shine etc, that he was getting involved as a PR stunt? When he maybe just trying to help with a problem?

      Not really trying to defend anyone ever calling someone a Pedo, especially on the internet, but at the same time, trying to suggest that Pen Testers doing their research is very very different from the cave rescue guy going on TV and saying what he said. Then Musk twatted it up by responding the way he did.

      1. Anonymous Coward
        Anonymous Coward

        Re: How many of these helpful researchers were branded Pedos by Elon Musk?

        "Not really trying to defend anyone ever calling someone a Pedo, especially on the internet, but at the same time, trying to suggest that Pen Testers doing their research is very very different from the cave rescue guy going on TV and saying what he said. Then Musk twatted it up by responding the way he did."

        Wrong.

        The cave rescuer and pen testers are the same - both are experts in their field, pointing out that Elon Musks solutions are flawed and dangerous. Proposing a metal tube that won't fit in the hole to a dive expert, is no different to delivering flawed security in a car when security experts had shown it's flawed 10 years ago.

        Why Elon singled out the dive hero for 'special treatment' by calling him a Pedo with zero evidence is anyone's guess. Maybe it's because he's a dope-smoking, deluded egotist with delusions of competence?

        1. Orv Silver badge

          Re: How many of these helpful researchers were branded Pedos by Elon Musk?

          Based on my experience, the dope-smoking has nothing to do with it. I don't know anyone who gets angrier when they toke up.

  14. lukewarmdog

    We rented a car recently with a fancy fob. I double checked we'd definitely locked it when we stopped at a service station. All doors locked.. check. Check boot.. boot unlocks. Can't get boot to lock.. cue panic as it was full of everything needed for a long festival.

    Turns out, after perusing the manual that it's a "feature".. if you're within range of the car and have the fob, the boot unlocks. I can see the use case for this but it was a source of some rage at the time.. I am pretty sure our next car will have a physical key.

  15. Rob D.
    Go

    Consumer-driven weakness

    It's a repeated pattern.

    In the 50's car safety, then in the 70/80's physical car security, and now car electronic security; all these were subordinate to the desire of consumers to own the latest kit and the meeting of that demand. Those underlying product features (physical safety, physical security, electronic security) only became commercially necessary when the awareness of problems and actual impact in the consumer base (too many deaths, theft from forced ignitions, theft from cloned fobs, etc) was sufficient to affect competitiveness and influence regulation.

    The auto-industry will play to that consumer-led short-sightedness for a while yet. In the early days, the car manufacturers screamed blue murder that making cars safer in crashes would kill the car market and it took years for that position to change. https://digitalcommons.law.yale.edu/cgi/viewcontent.cgi?article=1030&context=yjreg from the 80's for example.

  16. SonOfDilbert

    Biometrics

    Why not use fingerprint and face recognition instead of a physical key of any kind? The technology has been with us for a while now. Am I missing something?

    1. jeffdyer

      Re: Biometrics

      You might be missing your face and/or fingers if you drive a really nice car....

    2. Arachnoid

      Re: Biometrics

      Because your fingerprint can be copied from every item you touch and you only have ten options unless you were born with more fingers

      https://www.theregister.co.uk/2002/05/16/gummi_bears_defeat_fingerprint_sensors/

      1. SonOfDilbert

        Re: Biometrics

        Is it easier to copy your fingerprints and face than an electronic key fob? It seems to me that the two combined would be way harder to forge than an electronic key fob. Also, it's difficult to steal someone's face.

      2. SonOfDilbert

        Re: Biometrics

        10 fingerprints and a face vs 1 key fob that is easily copied and easily stolen. Hmmm...

    3. MachDiamond Silver badge

      Re: Biometrics

      Now you are talking about replacing a really cheap brass stamping with a computer and sensor array that can accurately take biometric measurements after sitting in the weather for 5 years and with the sun or artificial lighting coming in from just about any angle. Then consider a person at random, like Grimes, whose appearance can change rather drastically from evening to the next morning.

  17. EnviableOne Bronze badge

    1% problems

    I'm off to clone the keys of anyone with a Tesla, McLaren, Triumph or Karma round here ...

    oh i forgot, Im in NE England there arent any...

    1. druck Silver badge

      Re: 1% problems

      Plenty down here in Woking, unsurprisingly.

  18. cream wobbly

    Still relevant..?

    "I really feel like doing further research is redundant at this point, since my 2005 papers are apparently still good enough to pwn Tesla," Green noted this week.

    Wait, so he noted it this week, but I thought it was patched... I know Musk is a complete but is Green moreso?

  19. hammarbtyp Silver badge

    Basically it looks like they took the encryption designed to protect RFID tags and applied it to protect a 70 grand motor. What could go wrong?

    It looks like a combination of brute force and the fact that the key word is fixed and the algorithm itself provides clues as to the key

  20. M.Heisenberg

    break and enter

    But what do you do when thieves break into your home and just steal the keys. How can you defeat that.. especially if its done at the point of a gun? I read that is the way its done now.

    1. Alterhase

      Re: break and enter

      Yes, that's the way to do it.... but you should know how to drive.

      https://www.losaltosonline.com/news/sections/news/200-police-fire/58467-suspect-steals-car-from-la-crashes-in-sj-early-this-morning

    2. Orv Silver badge

      Re: break and enter

      My method is to drive cars that aren't worth risking a prison sentence for.

  21. Arachnoid

    Electronic keys

    Are a a convenience to some at times but are bulky compared to traditional metal keys and add more security holes than they cure.With a traditional metal key the doors can be locked and the vehicle is secured but with an electronic key it only has to be within range or have a range extender surreptitiously applied to the signal, for the doors to be opened and driven off by a.n.other.

    https://www.stokesentinel.co.uk/news/motoring/most-popular-cars-stolen-key-1429949

    Just because they are electronic many assume they are more secure than a metal imprinted key, they are not it is merely a different not better form of key coding.They also massivly multiply in expense to replace as the vehicle gets older, if you can even get the fobs made and coded ten years down the road from manufacture.

  22. TheMeerkat

    Designed for women

    As a man I find keyless entry and ignition pointless as it is not a big deal to take a key out of my pocket.

    For my wife who has a key buried deep in her handbag it is a completely different matter.

    1. Kernel

      Re: Designed for women

      Based on a couple of women I've worked with over the years, I have to wonder where the braless brigade keep their swipe access cards and cellphones.

  23. Pat Harkin
    Trollface

    "running special software."

    As opposed to?

  24. /\/\j17

    "As yet, however, the vulnerability as described in the paper has not been proven to affect our vehicles and we know of no McLaren that has been compromised in such a way."

    Translation: We KNOW the stable door is open but as the horse hasn't walked through it yet you're not going to both closing it. If the horse DOES leave the stable we'll look at closing the stable door to stop it.

    1. JohnG Silver badge

      The simpler translation is that nobody will lend the researchers a horse, sorry, McLaren, to hack.

  25. MachDiamond Silver badge

    McLaren

    McLaren's are often "there and back again" vehicles. They are kept in a garage, driven on a little jaunt and then right back to that garage again most of the time. They are very rarely daily drivers that get left in a car park or outside of a home overnight. The reason that there hasn't been one stolen through poor key security is that it's very hard to track one down in the wild.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019