Tesla Opens with Precomputed Key Fob Attack


This clever precomputation attack was developed by a group of researchers at KU Leuven in Belgium. Unlike previous key fob attacks that we’ve covered in the past which have been essentially relay attacks, this hack precomputes a ton of data, looks for a collision in the dataset, and opens the door. Here’s how it works.

Tesla opted not to design their own key fob system, but licensed a product based on Texas Instruments’ DST40 Cipher. A vehicle using this system broadcasts a radio message containing the car’s unique identifier. If the key fob is in range, it will respond to that broadcast, initiating the cryptographic handshake. The vehicle sends a 40-bit challenge message, and the key fob replies with a 24-bit response.

DST40 is the cryptographic cipher that powers this handshake. The key fob has a 40-bit secret key burnt into it’s circuit. DST40 takes the 40-bit challenge, combines it…

Follow Me

Peter Bordes

Exec Chairman & Founder at oneQube
Exec Chairman & Founder of oneQube the leading audience development automation platfrom. Entrepreneur, top 100 most influential angel investors in social media who loves digital innovation, social media marketing. Adventure travel and fishing junkie.
Follow Me

More from Around the Web

Subscribe To Our Newsletter

Join our mailing list to receive the latest news from our network of site partners.

You have Successfully Subscribed!

Pin It on Pinterest