Welcome to Tesla Motors Club
Discuss Tesla's Model S, Model 3, Model X, Model Y, Cybertruck, Roadster and More.
Register

How much would you pay for new fobs so your car cannot be easily stolen?

How much should we pay to get our two Model S fobs replaced?

  • $300 each like most premium car brands charge for a new fob

    Votes: 4 3.6%
  • $150 each which is about what it costs today for a new fob with reprogramming

    Votes: 8 7.1%
  • $100 each is a good price for a fob

    Votes: 17 15.2%
  • $50 each since Tesla is partially to blame

    Votes: 15 13.4%
  • $25 each since they probably cost Tesla a small fraction of that amount

    Votes: 12 10.7%
  • FREE since Tesla knew about the better design, but was sloppy here

    Votes: 56 50.0%

  • Total voters
    112
  • Poll closed .

Reeler

Decade of Pure EV Driving
Oct 14, 2015
1,756
1,306
Denver, CO
Your Model S can be stolen with a few hundred dollars of off-the-shelf equipment if you didn't buy in the last few months. Cars sold before June 2018 have this vulnerability, but not any Model X so Tesla has had the solution available for a few years without bothering to update things on the Model S.

They will have a solution soon, but it requires software updates to your car. Apparently you have to replace all your fobs to get the new protection. A PIN-to-start feature was added to the car, but I hate those sorts of things and that is why most phones have gotten rid of it.

How much should we pay to solve their sloppiness to get new fobs?
 
  • Funny
Reactions: robby

jorobsand

Member
Nov 12, 2017
301
293
Charlotte, NC
I wouldn’t pay anything. I don’t care if my car is stolen tbh

You and I think alike. We should definitely talk more, but I can't seem to find your address. Can you resend?

But seriously, I wouldn't pay anything either. No matter the technology, there will always be vulnerabilities. Someone with enough motivation to steal a car will likely be able to do so.
 

bob_p

Active Member
Apr 5, 2012
3,725
2,922
We need to put this all in perspective.

For most Tesla owners, their vehicles are probably not at great risk. Few Tesla vehicles are stolen, and almost all of those are recovered.

The recent PIN software update is likely more a PR move than fixing a real problem facing many Tesla owners, similar to how Tesla quickly reacted to the first vehicle fire in late 2013, when they temporarily disabled automatic air suspension until they could add more armor plating protecting the battery pack.

Adding secondary authentication is useful - and they should consider additional options such as detection of linked smartphones, voice recognition, facial recognition (if they had a driver facing camera), geolocation (when parking in a known safe location), …

But the best solution is to fix the key fob security - and either make that available under warranty or at a reasonable upgrade cost for the affected vehicles.

And they should send e-mail or written notifications to all affected owners, to make it clear which vehicles do or do not have this risk.
 

AMPd

Active Member
Nov 27, 2012
4,612
4,415
Northern California
You and I think alike. We should definitely talk more, but I can't seem to find your address. Can you resend?

But seriously, I wouldn't pay anything either. No matter the technology, there will always be vulnerabilities. Someone with enough motivation to steal a car will likely be able to do so.
I’ll private message you my address

But agree. No one is gonna steal a car like this on a whim. And if someone already decided to do so, well then I’m sure a few more technical hurdles won’t stop them.
 

tranzndance

Member
Sep 10, 2017
495
325
Bay Area
A common issue in the Bay Area is that thieves break the small back window so they can pull down the backseat to access the trunk. Even people who have nothing in their trunk have fallen victim to this crime. With the vulnerability, there might not be interest in stealing cars, but they could likely access the car to steal the contents. The benefit of the new fob could be protecting the car from that scenario. However, having that vulnerability might mean the thieves would unlock the car and not break the windows, so that would be less of a hassle than getting the window fixed.
 

boonedocks

MS LR Blk/Blk 19” OD-1/1/21 RN#1143376 DD 9/4 11am
May 1, 2015
3,155
5,897
Gainesville GA
The introduction of PIN to drive was just more static by Tesla to get the conversation away from the rest of their demons. V9 / EAP / FSD / NagGate / you know....the important stuff ¯\_(ツ)_/¯
 
  • Like
Reactions: croman

Reeler

Decade of Pure EV Driving
Oct 14, 2015
1,756
1,306
Denver, CO
A common issue in the Bay Area is that thieves break the small back window so they can pull down the backseat to access the trunk. Even people who have nothing in their trunk have fallen victim to this crime. With the vulnerability, there might not be interest in stealing cars, but they could likely access the car to steal the contents. The benefit of the new fob could be protecting the car from that scenario. However, having that vulnerability might mean the thieves would unlock the car and not break the windows, so that would be less of a hassle than getting the window fixed.

When I had a convertible, I always left the doors unlocked so that they wouldn't cut a hole in the top to get access under the same theory. I wouldn't regularly park on the street, but that is what I did.
 
  • Like
Reactions: BerTX and .jg.

jbolus

Member
Jun 6, 2018
83
52
Meridian, Idaho
The poll has this choice "FREE since Tesla knew about the better design, but was sloppy here"... Not really the case here. If it truly was, Tesla could have quickly released a new firmware to address the issue by updating the encryption used (which is the actual problem).

However, it's important to note that this "radio relay-attack" vulnerability is NOT exclusive to Tesla. Furthermore, the actual issue is from the third-party supplier PEKTRON body controller/lock module in the Model S that is also used by other car manufacturers. These type of attacks are very common in the UK/EU on many other brands such as like MB, BMW, Audi, McLaren etc. Pretty much any luxury brand that has a Passive Keyless Entry and Start (PKES) system.

Sources:
1. Criminals could steal a McLaren and other supercars in seconds using new hijacking scam

2. Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars.
https://eprint.iacr.org/2010/332.pdf

3. Yingtao Zeng, Qing Yang and Jun Li. Chasing Cars: Keyless Entry System Attacks.


If you're in the U.S., I would argue that this is not so much of an issue.

Below is the actual paper that is being misquoted by the media, claiming it's only a Tesla Model S security vulnerability which is disingenuous at best.

Fast, Furious and Insecure: Passive Keyless Entry and Start in Modern Supercars

Previous Wired Magazine articles about the same issue:

Just Two of These $11 Gadgets Can Steal a Car
Radio Attack Lets Hackers Steal 24 Different Car Models


What's interesting is that Wired now also jumped on the Tesla FUD bandwagon and used a sensational title for their article this year.
Hackers Can Steal a Tesla Model S in Seconds by Cloning Its Key Fob
 
Last edited:

whitex

Well-Known Member
Sep 30, 2015
6,730
8,565
Seattle area, WA
We need to put this all in perspective.

For most Tesla owners, their vehicles are probably not at great risk. Few Tesla vehicles are stolen, and almost all of those are recovered.
What % of the stuff stolen from Tesla's is recovered? Even if you set the PIN, anyone who clones your FOB can empty your car of anything you leave in there. And in case you're thinking of arguing that "nothing of value should be left in the car", would you buy a car which doesn't lock doors at all (key required for driving only)? You think others may have a problem with such open car?
 

whitex

Well-Known Member
Sep 30, 2015
6,730
8,565
Seattle area, WA
Poll if faulty. I think new fobs should be free for my 2018 car, since Tesla was fully aware of the issue before I got the car. For my 2015, I would pay $50 each fob.
 

.jg.

Member
Feb 27, 2018
449
386
Weston Super Mare, England
The poll has this choice "FREE since Tesla knew about the better design, but was sloppy here"... Not really the case here. If it truly was, Tesla could have quickly released a new firmware to address the issue by updating the encryption used (which is the actual problem).

However, it's important to note that this "radio relay-attack" vulnerability is NOT exclusive to Tesla. Furthermore, the actual issue is from the third-party supplier PEKTRON body controller/lock module in the Model S that is also used by other car manufacturers. These type of attacks are very common in the UK/EU on many other brands such as like MB, BMW, Audi, McLaren etc. Pretty much any luxury brand that has a Passive Keyless Entry and Start (PKES) system.

Sources:
1. Criminals could steal a McLaren and other supercars in seconds using new hijacking scam

2. Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars.
https://eprint.iacr.org/2010/332.pdf

3. Yingtao Zeng, Qing Yang and Jun Li. Chasing Cars: Keyless Entry System Attacks.


If you're in the U.S., I would argue that this is not so much of an issue.

Below is the actual paper that is being misquoted by the media, claiming it's only a Tesla Model S security vulnerability which is disingenuous at best.

Fast, Furious and Insecure: Passive Keyless Entry and Start in Modern Supercars

Previous Wired Magazine articles about the same issue:

Just Two of These $11 Gadgets Can Steal a Car
Radio Attack Lets Hackers Steal 24 Different Car Models


What's interesting is that Wired now also jumped on the Tesla FUD bandwagon and used a sensational title for their article this year.
Hackers Can Steal a Tesla Model S in Seconds by Cloning Its Key Fob

There are two different but similar types of attack:

1. Relay attack: Common to keyless entry systems from all manufacturers. The attackers use a pair of relay devices to relay the communications between the car and the fob. The car thinks the fob is nearby and can be unlocked and started. Once the car is driven away, the attackers can no longer unlock or start the car. This method has been used to steal assorted makes of high end cars in Europe. The thieves probably use cellular and GPS jammers to disable tracking. Typically, the cars are disassembled within hours and sold as used parts. This attack can be mitigated by disabling passive entry or by shielding the fob.

2. Fob cloning: Unique to cars using the Pektron keyless entry system, because Pektron chose to use a 40 bit cipher in their fobs. Demonstrated on the Model S but thought to affect other Teslas, Mclaren cars, Triumph motorcycles and maybe others. In this attack, the attackers use a device to first communicate with the car and then the fob. After this, the attacker's device can emulate a fob, so the car can be unlocked and started on demand. The attack can be mitigated by using "Pin to Drive", by shielding a weakly encypted fob or by replacing the fobs with the newer high encryption type. Disabling Passive Entry will not protect against this attack. This attack is not known to have been used in the wild.

It is true to say that the problem was caused by Pektron's choice of a 40 bit cipher but Tesla owners didn't buy keyless entry systems from Pektron, they bought cars from Tesla, so the customers' issue is with Tesla. In turn, Tesla have all of this mess (including the bad publicity) courtesy of Pektron. IANAL but I would have thought Tesla ought to replace the older fobs FOC but demand that Pektron funds the replacement program. I reckon the attitude of insurance companies may play a role here e.g. if insurers start demanding higher rates or refusing cover for Teslas with low encryption fobs.

Tesla have certainly been more proactive about the while affair than Pektron, Mclaren, Triumph, etc. - I doubt Mclaren owners are too pleased with the lacklustre response from Mclaren.

So far, thefts using such high tech methods have only been seen in Europe but the demand (and prices) for used Tesla parts may encourage such thefts in north America.
 
  • Helpful
  • Like
Reactions: TaoJones and croman

bob_p

Active Member
Apr 5, 2012
3,725
2,922
What % of the stuff stolen from Tesla's is recovered? Even if you set the PIN, anyone who clones your FOB can empty your car of anything you leave in there. And in case you're thinking of arguing that "nothing of value should be left in the car", would you buy a car which doesn't lock doors at all (key required for driving only)? You think others may have a problem with such open car?

If someone wants to steal items inside a car, they only need to break a window and quickly empty the contents of the car - even the frunk isn't really secure. The Model S has storage under the rear floor, frunk and under the trunk cover that keeps items out of sight. The Model X only has the frunk and under floor storage - anything in the above floor cargo area is easily visible through the windows.

The key fob issue is really about stealing the car - not protecting the contents.
 
  • Helpful
Reactions: TaoJones

Products we're discussing on TMC...

About Us

Formed in 2006, Tesla Motors Club (TMC) was the first independent online Tesla community. Today it remains the largest and most dynamic community of Tesla enthusiasts. Learn more.

Do you value your experience at TMC? Consider becoming a Supporting Member of Tesla Motors Club. As a thank you for your contribution, you'll get nearly no ads in the Community and Groups sections. Additional perks are available depending on the level of contribution. Please visit the Account Upgrades page for more details.


SUPPORT TMC
Top