Access Your Tesla without Your Awareness: Compromising Keyless Entry System of Model 3

Publication | Closed Access
Year: 2023
Citations: 10
References: 33

Abstract

Tesla Model 3 is equipped with Phone Keys and Key Cards in addition to traditional key fobs for a better driving experience. These new features allow a driver to enter and start the vehicle without using a mechanical key, through a wireless authentication process between the vehicle and the key. Unlike Key Cards, which must be swiped against the car, the Tesla mobile app's Phone Key feature can unlock a Model 3 while the smartphone is still in a pocket or bag. In this paper, we perform a detailed security analysis of Tesla keys, especially Key Cards and Phone Keys. Starting with reverse engineering the mobile application and sniffing the communication data, we reconstruct the pairing and authentication protocols and analyze their potential issues. The missing certificate verification allows an unofficial Key Card to work as an official one; using such third-party products may lead to serious security problems. Also, weaknesses in the current protocol enable a man-in-the-middle (MitM) attack through a Bluetooth channel. The MitM attack is an improved relay attack that breaks the security of the authentication procedures for Phone Keys. We also developed an app named TESmLA, installed on customized Android devices, to complete the proof-of-concept. Attackers can break into a Tesla Model 3 and drive it away without the awareness of the car owner. Our results bring into question the security of Passive Keyless Entry and Start (PKES) and Bluetooth implementations in security-critical applications. To mitigate the security problems, we discuss the corresponding countermeasures and a feasible secure scheme for the future.

I. INTRODUCTION

Passive Keyless Entry and Start (PKES) is an intelligent automotive system that allows drivers to pull the door handle directly to enter and start the car. Traditional PKES requires a key fob to prove legitimacy and the vehicle to verify it. New car models from Tesla, Volvo, Mercedes-Benz, and Lincoln enable car owners to use their smartphones to unlock and activate their cars automatically [81], [85]. To continuously enrich the driving experience, Tesla supports three types of keys: Phone Keys, Key Cards and key fobs [52] for Model 3, Model X, Model Y, and Model S.

Key fobs adopted in classical PKES contain a low-frequency (LF) radio frequency identification (RFID) tag and an ultra-high-frequency (UHF) transceiver, and the vehicle is equipped with an LF receiver and a UHF RFID tag [48]. The LF channel is responsible for detecting whether the key fob is within an allowed region, whereas the UHF channel is used for challenge-response verification. The relay attack is a widely known vulnerability of this technique used in key fobs [1], [2], [27], [47]. It allows adversaries to open and start the car by distance fraud. Distance bounding techniques are commonly proposed to prevent relay attacks [32], [45], [62], [70]. Karani et al. [42] and Lin et al. [49] designed and implemented PKES based on BLE. This new PKES monitors the BLE received signal strength indicator (RSSI) measurements from the key to estimate the user's proximity. Some works argue that considering other techniques or features is a better solution. They utilize multiple physical features, namely RSSI, round-trip time, Global Positioning System (GPS) coordinates, and Wi-Fi access point lists, to precisely determine the proximity of a vehicle to its corresponding key fob [20], [63], [83], [84]. A. Ansari et al. [5] transmit cryptographically secure combined bio-crypto data to enhance the authentication.

Focusing on the security issues of Tesla key fobs, and considering the first version of the Tesla Model S key fob based on DST40, the research in [15] proves that it is susceptible to a brute-force attack. Moreover, this first version lacks mutual authentication in the challenge-response protocol. It also has no firmware read-out protection and no security partitioning [87]. Further, Wouters et al. [88] target the second version of the key fob, based on DST80. Through reverse engineering the immobilizer firmware, they recover the key by a downgrade attack that reduces the key entropy. They also describe a denial-of-service attack which can render the key fob unusable. Tesla has also warned of theft risk through relay attacks [75]. To fix bugs and add features, Tesla introduced over-the-air updates. However, Wouters et al. [78], [86] showed that a hacker could rewrite the firmware of a key fob via a Bluetooth connection, lift an unlock code from the fob, and use it to break into a Model X in just a few minutes.

Key Cards communicate with the vehicle using RFID signals following the ISO 14443 standard. When the Key Card is tapped on the driver's side pillar, the doors can be opened. However, it does not support automatic locking and unlocking. Tesla Model 3 vehicles allow attackers to open a door by leveraging access to a legitimate Key Card and using a Near Field Communication (NFC) relay attack [21]. When an owner enters the car, he needs to swipe the Key Card on the console right by the cup

* Both authors contributed equally.
