You can install our site as a web app on your iOS device by utilizing the Add to Home Screen feature in Safari. Please see this thread for more details on this.
Note: This feature may not be available in some browsers.
Sorry Nigel, I feel I said enough on topic anyway, anyone else more inclined can Google further on the subject.
About the starting of the car from the phone this us an interesting dynamic because your key and the security in place is supposed to act as the barrier from theft. There was a pretty great description of the unlock and moving process behind this that was submitted to the NHTSA if I am not mistaken and a lot actually happens here.
Pulling just from memory the car does a check for the key when you go to unlock the doors. When you sit down it looks for the key again, and when you press the break it does one more check. If at any point it fails these checks it will lock down the car preventing it from moving. There was a far more technical description of this in the document sent and I don't know where it is off hand in order to reference.
Shifting this into your phone you would potentially attack this in one of two methods. Most phones have the ability to send other signals not just the cell frequencies being used to call someone or transmit data. Hypothecially they could emulate the key through the software in order to unlock the breaks and allow the car to drive. I don't know if the phone emits the right signal for this though and would likely limit it to a specific brand or brands of phones.
The second being through the 3g on the car using the exact same connection the app has by default. This would make it compatible with any phone that has the app and would not be brand or hardware or software specific (would just need to code in the extra menu option on the app which might be why it is IOS only right now). The interesting bit about doing it this way is not just allowing the car to drive away using the phone, but the way the connection is made, I could be on the other side of the planet and allow my car to be driven.
Hey Bob can I borrow your car? I heard you were across the country in LA for a conference.
Sure, hold on, I don't have a key to give you, but let me turn it on for you through my phone.
The implications are interesting, but I wonder if this breaches the requirements mandated by the NHTSA and if they will have to submit a waiver or something?
Hopefully it'll get back on track or Tesla will finally release the real FW v6.0......
Stop stop stop on the smartphone geek hijack of threads. Mods, where R U? Do we have to roll brianman or aviator back out to activate you?
IMO you're overthinking this.
A simple version could work like this:
With a fob in the car, you could authenticate a phone to connect via BT. (I believe this is how the Tesla already works -- you can't pair a phone, unless there's a key on the car).
Once authenticated, the phone is more-or-less equally secure as the fob. (If you have the fob, or a phone, located proximate to the car with an authenticated BT connection, you can drive away.)
However, with the phone, you can add additional authentication requirements, such as a PIN entered on phone or screen, or something fancy like Apple's TouchID, which is more secure than a fob without authentication.
So, I don't see a scenario where the phone is emulating a key -- and I'm almost positive that smartphones don't have the required radios onboard to perform that emulation. I also don't think a cellular connection is required -- again, IMO, a BT connection is sufficient to complete a high security authentication implementation.
There are theoretical hacks against keyless systems, and the Bosch "Keyless Go" (which may or may not be the system Tesla uses) system has been hacked by people who were able to get a receiving antenna within a couple of feet of the fob and car.
There are also theoretical hacks against BT systems, but again, IMO, a BT system is more secure than the existing fob, and only super-spys need to be concerned about this threat.
Authenticating the car to start via cellular is an interesting idea, and it has a certain cool factor, but I share your concern that it could be easily exploited -- basically it depends mainly on your Teslamotors.com password.
I guess I just don't see the big deal here. When driving a car is as simple as hitting someone over the head and taking the key from their {purse,man-bag,pocket,cabinet,keylocker}, I just don't understand why there is so much hand-wringing over the ability to use a teslamotors.com password to activate the car remotely. You need physical access to the car, so it's unlike stealing digital assets which can be done from anywhere.
So what are the malicious use cases?
* My car is at home, I am home. I'm going to give you my key once you can get past the cuteness of the 3 fluffy cats and other obstacles that I may have.
* My car is home, I am not. Rummage around, you're likely to find my keys where the rest of them usually hang. No need to crack my username/password.
* My car sits at a business for a short-term errand. It's easier to wait until I emerge, then demand my key using a weapon.
* My car sits at a business for a long-term errand (including work). You can either wait for me to emerge and take my key, or rummage through my desk/bag/coat.
I know what you're saying... "but what if my phone is found, they notice I have the Tesla app? They can walk around the parking lot until they find my car and drive off!" But just replace "phone" with "key" and it's the same thing, even EASIER! And there's another answer to that - protect your phone with a passcode or other security lock.
Very honestly, the only case that I'd be half-worried about when compared to more conventional ways to steal a car is the case where Tesla's back-end infrastructure is compromised, and for a short period of time some enterprising thieves have the ability to activate any car on demand... i.e., bad burglar #1 learns that all Teslas are now available to him. He sees I have a Tesla, e-mails my VIN # with some payment to "tesla haxxor", and "tesla haxxor" replies with either a new username/password combination or mine (depending upon security of the database and method of compromise), and bad burglar uses that to activate my car. That scenario is dangerous but would be extremely short-lived. The first few people to have their cars stolen this way would report them, police would contact Tesla, Tesla would see that it was activated remotely via the app, and start digging quickly. When it happened more than once it would cause them to lock things down while they dig out. Of course, that's not new to Tesla, either. Most auto manufacturers keep a database of key codes that could be used to cut a new key for any newer car out there -- it's just that there are easier ways to steal a car!
Other than those who have some other beef here (like complaining that Tesla hasn't offered full OAUTH-based API authentication), I just don't understand how this is any less secure than what we deal with today. My $0.02.
I agree. I actually hope they don't implement a pin code on the screen as others have suggested. I don't want to type a code to drive my car. If it requires that, I'll just keep using the fob so I can just get in and drive. I believe most people are just way over-thinking this. I'm anxious to see what Tesla came up with.
They're probably going to utilize TouchID for driving the car without the key fob.
I agree. I actually hope they don't implement a pin code on the screen as others have suggested. I don't want to type a code to drive my car. If it requires that, I'll just keep using the fob so I can just get in and drive. I believe most people are just way over-thinking this. I'm anxious to see what Tesla came up with.
Ever seen Angels and Demons or read the book? I'm not thrilled with the prospect of having biometric scanners all over the place. If someone really wants to steal it, then I say fine go ahead.
Anyone else mention or think the "release" or screen grabs were a beta test themselves of our possible 6.0?
In other words, it's a look ahead at what's close to the final product. And their goal is to get our real feedback.
And from there, they "may" go as is, makes changes given reactions, or supplement what they've done.
Keep in mind no one has actually gotten 6.0, so it's not a done deal, especially for a good programmer(s).
Anyone else mention or think the "release" or screen grabs were a beta test themselves of our possible 6.0?
In other words, it's a look ahead at what's close to the final product. And their goal is to get our real feedback.
And from there, they "may" go as is, makes changes given reactions, or supplement what they've done.
Keep in mind no one has actually gotten 6.0, so it's not a done deal, especially for a good programmer(s).
IMO, it was not a controlled leak. But, if it was, based on the response it has received indicating many people wanted more things and TM tries to accomodate everyone, then we will not see 6.0 till 2015.I also think it was a controlled leak.
Anyone else mention or think the "release" or screen grabs were a beta test themselves of our possible 6.0?
In other words, it's a look ahead at what's close to the final product. And their goal is to get our real feedback.
And from there, they "may" go as is, makes changes given reactions, or supplement what they've done.
Keep in mind no one has actually gotten 6.0, so it's not a done deal, especially for a good programmer(s).