Researchers have found a unique attack technique which will give hackers the chance to unlock a Tesla Model S vehicle in only two seconds.
Researchers discovered that the problem lay in the wireless key fobs of Tesla Model S sedans; the fobs, which can be used to unlock vehicles, came with poor cryptographic and encryption standards.
Tesla Model S key fobs send out an encrypted signal, based on a cryptographic key, to a vehicle’s radio system in order to initiate the lock/unlock process.
However, by using roughly $600 in radio and PC equipment, a hacker is able to read the signals from a Tesla key fob, clone the key, open the car and drive away in no time at all, because the manufacturer Pektron — only use 40-bit ciphers to encrypt messages.
Companies and individual people must take certain precautions against this growing phenomenon of malware cyber attacks; for that they should implement at least a cybersecurity solution, like an antivirus, to protect their systems. Necessary things like regularly updating operating systems, using antivirus for Windows or antivirus for Mac depending on which OS your device is using.
Companies must also hire professional cybersecurity firms to do regular checkups to their internal network a couple of times per year. These checkups must always include a penetration test and various ethical hacking test.
Tesla is now aware of the breach and after confirming the security problem, Tesla paid the researchers $10,000 for their founding.
Tesla said in a statement:
“Due to the growing number of methods that can be used to steal many kinds of cars with passive entry systems, not just Teslas, we’ve rolled out a number of security enhancements to help our customers decrease the likelihood of unauthorized use of their vehicles.”
The spokesperson added that Tesla has worked with their supplier to boost the cryptographic standards of key fobs, and a corresponding software update will allow owners of vehicles built prior to this month to switch to new key fobs if they so choose.
By employing new rules, security experts can register with the company “in good faith” to bug hunt, with their vehicles becoming “research-registered.”
This will ensure Tesla will provide assistance and over-the-air (OTA) updates to cars should their software become damaged during testing.
Keep in mind that every device has a significant value that must be protected by at least cybersecurity solution like an antivirus. Depending on which OS your device is running, install an antivirus for Windows or antivirus for Mac for total protection. Companies must take an extra step and hire a professional cybersecurity firm that will run various cybersecurity tests on your company’s network to implement only the best possible cybersecurity solution. Always opt for a package that includes at least a penetration test and ethical hacking test.
For companies that exist 100% online, we recommend the using of cyber-secured web hosting services.