PT-2018-13758 · Tesla+1 · Tesla Model S+1

Eduard Marin

Publicado

2018-09-10

Atualizado

2019-10-03

CVE-2018-16806

CVSS v2.0

3.3

Baixa

Vetor

AV:A/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Pektron Passive Keyless Entry and Start (PKES) system (affected versions not specified)

Description The issue concerns the Pektron Passive Keyless Entry and Start (PKES) system, which is used in vehicles such as the Tesla Model S. The system relies on the DST40 cipher, making it easier for attackers to gain access. The attack involves a precomputation of 5.4 TB, followed by wake-frame reception and two challenge/response operations, allowing attackers to clone a key fob within a few seconds.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use of a Broken Cryptographic Algorithm

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-327

Identificadores relacionados

CVE-2018-16806

Produtos afetados

Pektron Pkes

Tesla Model S

PT-2018-13758 · Tesla+1 · Tesla Model S+1

CVE-2018-16806

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2