How likely is keyless theft 2023

[GeorgeSymonds]

I think you are confusing a targeted multi vector attack against typically well managed and secured resources with someone losing their phone.

I’m just thinking of total risk

There’s evidence that the thefts a while ago were an organised gang, at least in the sense a lot of cars were taken in one area.

I get the “lost phone” scenario in the same way people lost car keys, but they then need to find the car the phone matches.

As I said in my first post on the topic, I can see why some would use P2D, and I do in a few specific situations, I guess I’m just questioning if some think they’re protected because of it while doing other things like widespread sharing of tokens for various reasons which might undo some of the protection, and they don’t realise the potential consequences.

 

[Jason71]

If relay attack ever became prevelent it would be good to have the option to put frunk opening behind the P2D for added security

 

[MrBadger]

If relay attack ever became prevelent it would be good to have the option to put frunk opening behind the P2D for added security

Not if your car computer fails.

When ours did, it was said that the car would probably have been drivable had P2D not been enabled. Had P2D been part of frunk opening, we wouldn’t have even got as far as stage 1 of the diagnostic operation, which was to disconnect LV battery. Thankfully we could access that via opening trunk with 12v battery.

 

[Tony Hoyle]

The lengths a thief would have to go to relaying bluetooth, bypassing P2D (the only case I've ever heard of this they had to dismantle the dash) they're just going to hire a flatbed truck and take the car wholesale.. It's just not worth that kind of effort for a low chance of success when an easy solution exists.

 

[WannabeOwner]

If any of those 3rd parties are compromised

What's the scenario for that? I'm thinking that my wife shares my Tesla password ... but her phone, like mine, auto screen locks in 30 seconds ... so being in possession of either phone will get you the car unlocked, but not access to the APP to bypass P2D

Just want to be sure I'm not missing something here that I could / should tighten up on.

I get the “lost phone” scenario in the same way people lost car keys, but they then need to find the car the phone matches.

In my case "lost phone" is usually "left it in the car" (so that is either my wife, or I, have left a phone in the car - maybe in her handbag - ditto with Fobs. So wingmirrors still "out" advertising "unlocked" ...

 

[MrBadger]

You speak to anyone in security, unless something is specifically targeted, a thief will take the easy option. eg The phone/keys in the pocket/bag of the person they just saw get out of a car, or the Range Rover parked on someone’s drive.

 

[FastLaneJB]

I think Tesla need to go a step further and add in Ultra Wide Band. Yes this is a hardware change so only newer cars would have it but that does have time in flight and hence relay attacks do not work.

Other makes are adding this in. Land Rover have had it in their key fobs even for a few years so not sure if the ones being stolen these days are older cars or they are breaking into houses to get the fobs though.

 

[GeorgeSymonds]

What's the scenario for that? I'm thinking that my wife shares my Tesla password ... but her phone, like mine, auto screen locks in 30 seconds ... so being in possession of either phone will get you the car unlocked, but not access to the APP to bypass P2D

Just want to be sure I'm not missing something here that I could / should tighten up on.



In my case "lost phone" is usually "left it in the car" (so that is either my wife, or I, have left a phone in the car - maybe in her handbag - ditto with Fobs. So wingmirrors still "out" advertising "unlocked" ...

If somebody has your Tesla token (the thing you need to give to Tessie, Teslafi, etc) and with a tiny bit of knowledge, you can do everything you can do via the App - ie locate the car, open the doors, remote start etc . Now I’m sure Tessie and Teslafi and the rest will all maintain they have great security controls, but equally we also know that even the companies with big security budgets can get hacked and data exposed. I also recon most of these third party apps start as one man outfits writing code in their spare bedroom, although that might be a plus point. It’s hard to quantify the risk, but a while back Tesla enforced a load of password changes which would have reset the tokens.. was that dealing with a small breach by one of the lesser known companies?

And I’ve said, I’ve only ever had one uninvited person ever sit in my drivers seat and that was 25 years ago, and it’s only then would they discover whether P2D being on or off. Sentry mode is a much more effective deterrent.. you start fiddling with the car door or taking an unhealthy interest and the lights starting to flash etc would be a visible clue to the thief and encourage them to move on, it would be even better if that data was streamed to the cloud and wasn’t so energy hungry, but we are where we are.

 

[MrT3]

I think Tesla need to go a step further and add in Ultra Wide Band. Yes this is a hardware change so only newer cars would have it but that does have time in flight and hence relay attacks do not work.

Other makes are adding this in. Land Rover have had it in their key fobs even for a few years so not sure if the ones being stolen these days are older cars or they are breaking into houses to get the fobs though.

Tesla filed for FCC approval some years ago with UWB components so I guess they will move to them at some point.

Land Rover was forced to move to UWB because their old solution was actively being exploited, the same as some of the other manufacturers. Tesla's bluetooth implementation has a proof of concept attack against it but nothing in the wild yet, and the keycards are Java based so cannot be simply cloned either like standard RFID fobs.

 

[Tony Hoyle]

Hopefully the app side will get better soon..

Tesla To Add Official Support for Third-Party Services and Apps

Tesla prepares to transform user experience by enabling support for third-party applications. Discover how this may revolutionize the way we interact with our T

www.notateslaapp.com

The ability to give only limited access to 3rd parties has been needed for a while.

 

[Sans-gas]

I haven’t activated the pin, but always listen that it locks. Sometimes it doesn’t.

 

[Cloggie]

I haven’t activated the pin, but always listen that it locks. Sometimes it doesn’t.

All the more reason to have a PTD activated!

 

[cryo]

Some are slightly complicating this issue, If Tesla's started to get targeted a simple over the air update could block whatever had made the car security vulnerable, bearing in mind your car can talk to Tesla and make them aware of the vulnerability and how its operating. Other manufactures would point out to you that you can bring the car into the service centre and leave it for a day and they may possibly have a tech with the skills to do an upgrade or they could just say "not our problem sir but the new model in he showroom will not have this vulnerability" which I suspect would be the standard answer. Tesla are very good at following up security problems other manufactures generally are not and Tesla can change the factory line build/software configuration on the fly other manufacturers generally do not until a new model line comes out. My previous car was a Discovery Sport which going by the local Teesside reports would have disappeared off my drive one night if I had not changed it out for a Tesla leading to lots of disruption (Range Rover+BMW over the road stolen last month) I think people greatly undervalue Tesla's security and their ability to quickly protect their cars with over the air software solutions.

 

[cryo]

I don’t use P2D unless I’m on an overnight road trip. I see it as an unnecessary step where I live. I don’t deactivate Bluetooth either.

I live in a relatively safe neighbourhood so not concerned about break-ins. It’s all relative though; if you’ve got a police note about break-ins and thefts then it’s definitely worth thinking about the right measures to protect your car.

If I lived somewhere more urban or high risk I might be inclined to activate it.

Car thieves are moving out of urban areas to more secluded small towns and villages where there are less police and a far longer police response times. I suspect in the not too distant future the first question from our insurance companies will be did you have the pin to drive anti theft measure enabled as they will use any excuse to refuse responsibility for a pay out.

 

[MrT3]

I suspect in the not too distant future the first question from our insurance companies will be did you have the pin to drive anti theft measure enabled as they will use any excuse to refuse responsibility for a pay out.

They would have to state in the policy first that this functionality is required. Not aware of any insurance company insisting on this yet. Their issue with Tesla seems to be parts availability and cost of repair rather than theft of the vehicle.

 

[GeorgeSymonds]

I think we need to calm down a little

FOI report from the Met police regarding stolen Teslas by year:

When you consider the increase in the number of Teslas on the road in that time you can see the issue is largely an old one dating back 4-5 years, and in 2021, of the 13 stolen, all but 4 were recovered.

I presume Met police is only their area so nationally the figures will be higher, but for context other Met Police FOI data shows in 2021 there were a total of 21,568 car thefts, and 421 of them look to be car jacking. I don't know what proportion of cars in London area are now Teslas, but we're in the region of 1 in every 2000 cars stolen being a Tesla and you can count the ones gone forever on the fingers of one hand.

 

[Pink Duck]

There also seems to be some confusion about Bluetooth LE time-of-flight. That was the whole reason the older S keyfobs had a hardware update, so that time-of-flight information could be encoded with the data transmissions to mitigate relay attack (though not entirely). Communcations capability there from beginning with Model X for wireless update. The phone-as-key approach of 3/Y opened new attack vectors, that have been more recently exploited/mitigated. The worst of those was the one from last year where a thief with appropriate hardware could bypass P2D in-car within 40 seconds.

 

[Jason71]

I think we need to calm down a little

FOI report from the Met police regarding stolen Teslas by year:

View attachment 952835

When you consider the increase in the number of Teslas on the road in that time you can see the issue is largely an old one dating back 4-5 years, and in 2021, of the 13 stolen, all but 4 were recovered.

I presume Met police is only their area so nationally the figures will be higher, but for context other Met Police FOI data shows in 2021 there were a total of 21,568 car thefts, and 421 of them look to be car jacking. I don't know what proportion of cars in London area are now Teslas, but we're in the region of 1 in every 2000 cars stolen being a Tesla and you can count the ones gone forever on the fingers of one hand.

Early MS (and Maybe MX) have over the years had some known exploits so it would be interesting to know how many of the above are NOT those. The fact that the thefts are actually down despite the massive increase in vehicle numbers is impressive.

I am assuming that any really clever exploits will originate in California given the number of Teslas there and the number of tech savvy people. So hopefully if they do they will be identified and patched before they even make there ways to these shores.

 

[Adopado]

I think we need to calm down a little

FOI report from the Met police regarding stolen Teslas by year:

View attachment 952835

When you consider the increase in the number of Teslas on the road in that time you can see the issue is largely an old one dating back 4-5 years, and in 2021, of the 13 stolen, all but 4 were recovered.

I presume Met police is only their area so nationally the figures will be higher, but for context other Met Police FOI data shows in 2021 there were a total of 21,568 car thefts, and 421 of them look to be car jacking. I don't know what proportion of cars in London area are now Teslas, but we're in the region of 1 in every 2000 cars stolen being a Tesla and you can count the ones gone forever on the fingers of one hand.

And even from those numbers they will mostly be Model S and Model X with the earlier security rather than Model 3 and Model Y ...

 

[GRiLLA]

There also seems to be some confusion about Bluetooth LE time-of-flight. That was the whole reason the older S keyfobs had a hardware update, so that time-of-flight information could be encoded with the data transmissions to mitigate relay attack (though not entirely). Communcations capability there from beginning with Model X for wireless update. The phone-as-key approach of 3/Y opened new attack vectors, that have been more recently exploited/mitigated. The worst of those was the one from last year where a thief with appropriate hardware could bypass P2D in-car within 40 seconds.

Sorry, that's not really accurate. The last generation S and X don't use Bluetooth at all, the reason the keyfobs were updated was because the encryption used was only 40bit and could be cracked by modern computing within a few seconds so a key could then be cloned. The new fobs doubled this to 80bit. Read here for more Tesla rolls out Key Fob security update for Model S to address risks of cloning

Neither that, or Bluetooth LE used on 3, Y and the newest S and X have time of flight protection as far as I've read. Bluetooth specifically doesn't have a mechanism other than requiring a short time to get to the car, but it's already demonstrated that with optimised electronics this isn't a barrier to relay attacks. See Technical Advisory – Tesla BLE Phone-as-a-Key Passive Entry Vulnerable to Relay Attacks

There are other mitigations in the Tesla's key mechanism, the details of which aren't published, but I can see there certainly seems to be some use of GPS to determine locations and RSSI to range the distance from the car, but these are clearly not fully guaranteed.

UWB which is on some BMWs and the Apple CarKey stuff does support time of flight, but it needs the UWB hardware which is far from ubiquitous on phones at the moment. So as per NCC Groups advice, use Pin2Drive to mitigate the risk.