Electrek article regarding improved cryptography key fob and PIN

Initially I thought the same, why can’t I change it in the car by entering the pin etc. However what if you let someone drive your car and they change the pin? I think forcing the full credentials in car is a good way to control the issue of unauthorized changing of the pin so only the account holder can change it.

I do agree it would be nice to have some kind of control on pin to drive in the app.
I'm okay with not being able to change it in the car... that's exactly how the Valet & Speed Limit PINs are setup. However, the Valet & Speed Limit PINs are able to be reset within the app, without going through the in-car process for forgetting your PIN.

That said; I do agree that this PIN is particularly more sensitive, because if someone did screw with you, you can't drive the car... period.
At least with Valet & Speed Limit, you could still drive the car; albeit in a limited fashion.

With that, I do agree that maybe it should be locked down by the user credentials.

I would think that all three of these PINs should be able to be set / reset / cleared from our MyTesla page.
 
For someone willing to spend the money buying the equipment to hack your fob, I think they can also buy a pair of binoculars to read the pin you enter.

Why on earth didn't Tesla start using the new fobs on the Model S when they started to sell the Model X with them? The Model S was delivered with the old fob for 2.5 years before they figured it out (probably prompted by early knowledge of this hack).

I thought Tesla was trying to reuse as many parts as possible on their different models?
 
The S fob is shaped like an S, the X like a X. Different circuit boards/ housings and likely used newer parts on the X.
 
Can you turn PIN to drive off any way other than using the forgot your PIN option?

You either have to use the PIN, or if you can't remember the PIN, use the in-car process for 'forgot your PIN'.

Yes you can turn it off by using your pin

keyless driving option in the app overrides ptd.

to me, not having the ability to reset the PIN via app seems like TSLA just rushed to get ptd out there. hopefully there will be a lot more features with v9.

I am waiting for the day they offer admin/guest accounts.
 
Do I get it right that the newer FOB with longer encryption key doesn't solve the FOB range extension attack?

Correct, relay attacks are a problem, regardless of the fob type and the key length. The fob with the higher encryption addresses a different exploit, which does not depend on Passive Entry being enabled.

Or did they implement some time/range sensitive handshake to prevent this kind of attack?

As I understand it, no. I'm not sure that could be achieved with the existing smart key module in the car.
 
Service Center in Switzerland told me, they know only what they read in the press. :)
But they think, that before it will be available at the service center, Tesla will inform each customer per email, like they did with the steering wheel.
I got email about the steering wheel in April 18, but did not fix it till today, I'll wait for the key fob replace and let it do both.
What steering wheel issue?
 
Just curious, what is the likelihood that future models include some sort of biometric sensor(s) to deter theft & unauthorized usage? Could even make Valet Mode automatic if the driver isn't recognized by biometrics (but the key is present). Or require PTD if biometrics aren't recognized.

Something like the iPhone's facial recognition could be a pretty seamless experience in the driver's seat.
 
The Model 3 already has the video camera pointing at the occupants. I am sure that their AI chip would have the computing power to do this. Great Idea!
 
Why bother with PIN to drive when there's the fob replacement?
New fobs don't solve key relay attacks, which are the main problem since those attacks are more common and not Tesla specific (the same hardware is used to break into many cars).

That said, you could always just use "the club" for less than $20, and it may work better as it serves as a deterrent - thieves see it and won't bother trying to hack the key knowing it's there. They won't know about PIN to drive until they are in your car already.
 
Last week I paid $150 apiece to replace my fobs with high encryption versions. From what I read in this thread, I was mistaken that this would thwart a relay attack depending upon passive entry being enabled, such as those in Europe possible with $100 worth of hacking gear.

Is this really true, so with the new high encryption fobs I am just as vulnerable to relay attacks if I leave passive entry enabled? If so this means that although there are yet no reports of relay attacks in the US, that if I want to defend against them I still have to disable passive entry and/or use PIN to Drive.

I guess to be on the safe side I should just grit my teeth and use PIN to Drive. I can’t see disabling passive entry: it is so great not to have to fish in to my pocket for the fob at all for most of my drives. I hope that there will be some other technical solution to thwart the relay attack. I could live with a “Face to Drive” implementation like my iPhone. Still can be hacked but the point is not trivially.

I am still happy that my new fobs block other attacks not dependent on enabling PIN to drive, whatever those are. Any details on those and whether they have been exploited and where and how often?
 
New crypto only blocks key cloning, a fairly sophisticated attack and specific to the kind of key. RF relay is more generic (works on more cars) and easier to use, so more likely to be utilized. If someone wanted to specialize in stealing Teslas, they would probably use another, more reliable attack vector than key cloning. That said, given how rare these incidents are today in the US, why worry about it and inconvenience ourselves with PIN to drive? I know the western society has become increasingly risk averse, but life is full of risks, so one shouldn't worry about the small ones. 22 people on average die from lightning strikes every year in the US, 1 or 2 in perfectly sunny weather, yet it doesn't stop people from going outside or make them drag grounding umbrellas, because they are a hassle, as is PIN to drive.
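
The point made in the replies above (a longer key stops cloning but not a relay, and only a time/range-sensitive handshake would) can be shown with a toy model. This is an added example, not code from any poster or from Tesla: the `Fob` and `Car` classes, the HMAC challenge-response, the key lengths, distances and latencies are all constructed assumptions, and timing is computed from a model rather than measured.

```python
import hashlib, hmac, os

C_M_PER_NS = 0.299792458  # speed of light in metres per nanosecond

class Fob:
    def __init__(self, key: bytes, turnaround_ns: float = 1000.0):
        self.key, self.turnaround_ns = key, turnaround_ns  # turnaround: constructed value

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self.key, challenge, hashlib.sha256).digest()

def round_trip_ns(distance_m, turnaround_ns, relay_latency_ns=0.0):
    """Modelled RTT: propagation out and back, fob turnaround, relay delay each way."""
    return 2 * distance_m / C_M_PER_NS + turnaround_ns + 2 * relay_latency_ns

class Car:
    def __init__(self, key, max_range_m=None):
        self.key, self.max_range_m = key, max_range_m  # None = no timing check

    def unlock(self, fob, distance_m, relay_latency_ns=0.0):
        challenge = os.urandom(16)
        # A relay forwards challenge and response unmodified; it never needs the key.
        response = fob.respond(challenge)
        expected = hmac.new(self.key, challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(response, expected):
            return False  # wrong key: this is the only thing key strength protects
        if self.max_range_m is None:
            return True
        budget = round_trip_ns(self.max_range_m, fob.turnaround_ns)
        return round_trip_ns(distance_m, fob.turnaround_ns, relay_latency_ns) <= budget

def run_scenarios():
    results = {}
    for key_len in (8, 32):  # constructed "short" and "long" keys, in bytes
        key = os.urandom(key_len)
        fob = Fob(key)
        plain, bounded = Car(key), Car(key, max_range_m=3.0)
        results[key_len] = {
            "nearby_plain": plain.unlock(fob, 1.0),
            "relayed_plain": plain.unlock(fob, 50.0, relay_latency_ns=500.0),
            "nearby_bounded": bounded.unlock(fob, 1.0),
            "relayed_bounded": bounded.unlock(fob, 50.0, relay_latency_ns=500.0),
            "wrong_key": plain.unlock(Fob(os.urandom(key_len)), 1.0),
        }
    return results

if __name__ == "__main__":
    for key_len, r in run_scenarios().items():
        print(key_len * 8, "bit key:", r)
```

The relayed response is accepted for both key lengths when the car checks only the cryptography, and rejected for both once the round-trip time must fit a 3 m budget; a real implementation needs nanosecond-level timing in the radio hardware, which this model does not attempt to represent.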