International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Paper: Fast, Furious and Insecure: Passive Keyless Entry and Start Systems in Modern Supercars

Authors:
Lennert Wouters , imec-COSIC, KU Leuven Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee
Eduard Marin , School of Computer Science, University of Birmingham, UK; imec-COSIC, KU Leuven Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee
Tomer Ashur , imec-COSIC, KU Leuven Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee
Benedikt Gierlichs , imec-COSIC, KU Leuven Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee
Bart Preneel , imec-COSIC, KU Leuven Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee
Download:
DOI: 10.13154/tches.v2019.i3.66-85
URL: https://tches.iacr.org/index.php/TCHES/article/view/8289
Search ePrint
Search Google
Abstract: The security of immobiliser and Remote Keyless Entry systems has been extensively studied over many years. Passive Keyless Entry and Start systems, which are currently deployed in luxury vehicles, have not received much attention besides relay attacks. In this work we fully reverse engineer a Passive Keyless Entry and Start system and perform a thorough analysis of its security.Our research reveals several security weaknesses. Specifically, we document the use of an inadequate proprietary cipher using 40-bit keys, the lack of mutual authentication in the challenge-response protocol, no firmware readout protection features enabled and the absence of security partitioning.In order to validate our findings, we implement a full proof of concept attack allowing us to clone a Tesla Model S key fob in a matter of seconds with low cost commercial off the shelf equipment. Our findings most likely apply to other manufacturers of luxury vehicles including McLaren, Karma and Triumph motorcycles as they all use the same system developed by Pektron.
BibTeX
@article{tches-2019-29319,
  title={Fast, Furious and Insecure: Passive Keyless Entry and Start Systems in Modern Supercars},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universit├Ąt Bochum},
  volume={2019, Issue 3},
  pages={66-85},
  url={https://tches.iacr.org/index.php/TCHES/article/view/8289},
  doi={10.13154/tches.v2019.i3.66-85},
  author={Lennert Wouters and Eduard Marin and Tomer Ashur and Benedikt Gierlichs and Bart Preneel},
  year=2019
}