PT-2018-13758 · Tesla+1 · Tesla Model S+1

Eduard Marin

Published

2018-09-10

Updated

2019-10-03

CVE-2018-16806

CVSS v2.0

3.3

Low

Vector

AV:A/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Pektron Passive Keyless Entry and Start (PKES) system (affected versions not specified)

Description The issue concerns the Pektron Passive Keyless Entry and Start (PKES) system, which is used in vehicles such as the Tesla Model S. The system relies on the DST40 cipher, making it easier for attackers to gain access. The attack involves a precomputation of 5.4 TB, followed by wake-frame reception and two challenge/response operations, allowing attackers to clone a key fob within a few seconds.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use of a Broken Cryptographic Algorithm

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-327

Related Identifiers

CVE-2018-16806

Affected Products

Pektron Pkes

Tesla Model S

PT-2018-13758 · Tesla+1 · Tesla Model S+1

CVE-2018-16806

Weakness Enumeration

Related Identifiers

Affected Products

References · 2