
How Secure Are Teslas/Tesla Thefts

Just saw this - BLE phone-as-a-key vuln allows access to Tesla Model 3, so I guess BT is susceptible to relay attacks. I notice when you close the Tesla app the Tesla BT device disconnects on the iPhone, so hopefully this is a workaround.
Thanks for posting. This method is nothing new though. The advice is the same as it has been for years with any kind of relay attack - faraday or disable passive entry and ensure you have p2d on. Passive entry and Bluetooth keys are a convenience feature not a safety feature.
 
Thanks for posting. This method is nothing new though. The advice is the same as it has been for years with any kind of relay attack - faraday or disable passive entry and ensure you have p2d on. Passive entry and Bluetooth keys are a convenience feature not a safety feature.
Keeping your phone in a faraday cage at home might be inconvenient.
 
Personally, I’d rather that they stole the entire vehicle than this new craze amongst thieves.



Quote from article: “that she was unfortunately one of 72,000 similar victims of this new epidemic of car crimes that they suggested included that of catalytic converter and steering wheel theft (for the air bags) and more recently a rapidly increasing amount of electric car batteries and cables from EV cars and motorcycles.”
 
My M3 has been having false alarms for the past 2 nights now (think there’s an insect, going to get it cleaned tomorrow) so I’ve been resorting to leaving it unlocked on my driveway after I stop the alarm.

1) how close does a phone key have to be in order to start the car? Is the car drivable between the period of exiting and it automatically locking?

2) if my phone key leaves the vicinity of the car whilst I’ve parked, will it still allow me to shift?

3) are both the above scenarios different if I primarily use the card key?
 
Same article but in general media today


BLE was always some kind of a hack and the way forward is UWB (like the BMW&Apple CarKey partnership). Wishful thinking but I wish Tesla had a way to offer upgrades to existing TM3 and TMY to this tech somewhere down the line.
 
My M3 has been having false alarms for the past 2 nights now (think there’s an insect, going to get it cleaned tomorrow) so I’ve been resorting to leaving it unlocked on my driveway after I stop the alarm.

1) how close does a phone key have to be in order to start the car? Is the car drivable between the period of exiting and it automatically locking?

2) if my phone key leaves the vicinity of the car whilst I’ve parked, will it still allow me to shift?

3) are both the above scenarios different if I primarily use the card key?
Well you’re the guy to find out! Tell us when you have carried out the experiments! ;)
 
From Tesla manual regarding key fob:

Note
For increased security, passive locking and unlocking disables after being stationary for five minutes while within vehicle range when the vehicle is not in use (for example, you are standing outside your vehicle). In this situation, you must shake or press a button on the key fob to re-enable passive locking and unlocking.


I'm thinking this gives more security than a phone key, which doesn't have this feature?

I have just bought the fob and have noticed that the car picks up its signal from inside the house on the key hook, so I can go out to the car empty handed and it opens when I pull the handle - whereas the phone has to be pretty close to the car to pick it up. I haven't tried waiting 5 minutes to see what happens yet, just found this information while I was looking to see how I could increase the security.
 
IMO the main benefit of a fob over a phone key is that you can conveniently keep the fob in a metal tin, which you can't really do with a phone. When you're not planning to use the car for a few days you could even keep it in your home safe - if you have one - as thieves often break into a house to steal the car keys.

To benefit from this, you really want to disable your phone key, though. I don't really want to keep bluetooth on my phone disabled, so I just don't have my phone registered with my car as a key at all. I still have the app installed, of course. (This approach does have the downside that you can't remotely view the sentry cam, sadly, as that feature relies on the encryption keys that are set up when you enrol your phone as a phone key.) Obviously use PIN to drive as an additional protection, as it's impractical to ensure your fob is in a faraday cage at all times.

Personally I would assume relay attacks are a risk for any proximity key - fobs, phones, even RFID cards - and act accordingly. (Yes, there's been a lot of work on long range reading of RFID cards over the years.)
 
To benefit from this, you really want to disable your phone key, though. I don't really want to keep bluetooth on my phone disabled, so I just don't have my phone registered with my car as a key at all. I still have the app installed, of course. (This approach does have the downside that you can't remotely view the sentry cam, sadly, as that feature relies on the encryption keys that are set up when you enrol your phone as a phone key.) Obviously use PIN to drive as an additional protection, as it's impractical to ensure your fob is in a faraday cage at all times
I just force close the app which kills the Bluetooth connection it has to one of the vehicle’s BT proximity sensors so it no longer can be used to open the vehicle until I launch the app again. I find the app noticeably drains my battery so I kill it anyway after I return home and won’t use the car again for a while.
 
I just force close the app which kills the Bluetooth connection it has to one of the vehicle’s BT proximity sensors so it no longer can be used to open the vehicle until I launch the app again. I find the app noticeably drains my battery so I kill it anyway after I return home and won’t use the car again for a while.
So you won't get an alarm notification or something left open notification? I suppose if your car is within earshot and you are extra careful with checking before killing the app it's a solution for some.
 
I just force close the app which kills the Bluetooth connection it has to one of the vehicle’s BT proximity sensors so it no longer can be used to open the vehicle until I launch the app again. I find the app noticeably drains my battery so I kill it anyway after I return home and won’t use the car again for a while.
How confident are you that the phone won't restart the app in the background?

When I used the phone key I stopped the "connected" notifications as they were a nuisance, even if they were enabled you'd only know the app had restarted and connected if you happened to notice.

I suppose the safer and easier option is to turn the phone's bluetooth off, if you can manage without bluetooth when you're in the house but within range of the car, it's just a case of remembering.
 
Again, I would be happy to pay for an UWB upgrade if it was available, as I don't believe this has been defeated yet, and would integrate nicely with Apple CarKey/Wallet.
The BluetoothLE Phone Key is a nice hack, but the standard was never developed for this purpose.
 
Again, I would be happy to pay for an UWB upgrade if it was available
Tesla has FCC approval for a UWB module, but don't think it is implemented in any of their vehicles yet.

How confident are you that the phone won't restart the app in the background?
On iOS the app doesn't restart. I inadvertently test this all the time as I forget to launch the app and cannot open the door :oops:
 
Yes but some reports mentioned they would need to add a bunch of antennas to achieve precise location, so that would be for a new model/refresh rather than a simple module add/retrofit unfortunately.. I hope they're wrong
The vehicle already has multiple BLE sensors to triangulate your position - upgrade those to combined BLE / UWB and you can then detect if you are at the sides or rear of the vehicle with UWB.

No sign of that happening anytime soon (although the recent bad press might kick them into action), but highly unlikely it would be offered as a retrofit for existing vehicles.