Just found a pin to drive bypass

[BigTonyTones]

Just found a bypass trick on accident. I summoned my car out of the garage and got into it. The car let me drive right away without asking for a pin code.

I used my key to summon the car.

Anyone else ever experience this?

 

[JohnSnowNW]

Yes, and the last time I summoned my X it also kept the headlights and HVAC on until I walked up to it and opened/closed the door.

 

[BigTonyTones]

Seems like a big security risk. Any hacker who has cloned your key can just summon the car for a bit and drive away. Defeats the whole purpose of the pin code

 

[MarkJ]

No it doesn't. Cloning keys is much, much harder than an amplification attack which pin 2 drive will protect against. There are Teslas outside the US who can't use the keyfobs to summon anyway. Any security improvement should be welcome even if it isn't 100% perfect.

 

[Eevee]

OK so it sounds like if you just leave the default summon setting (which requires the app to summon and disables the fob to summon) then there's no security risk. Am I understanding correctly?

 

[Russell]

Just found a bypass trick on accident. I summoned my car out of the garage and got into it. The car let me drive right away without asking for a pin code.

I used my key to summon the car.

Anyone else ever experience this?

I have experienced it and wrote to Tesla about it Monday. I never heard back from them.

 

[PhilDavid]

I have experienced it and wrote to Tesla about it Monday. I never heard back from them.

Would this qualify for the security bug bounty program?

 

[Russell]

Would this qualify for the security bug bounty program?

I'm hoping it does. I registered for that program and submitted my report.

OK so it sounds like if you just leave the default summon setting (which requires the app to summon and disables the fob to summon) then there's no security risk. Am I understanding correctly?

Doing that lessens the risk, but it's still there.
Until Tesla fixes it, keep an eye on your keys like you do with a car without PIN to Drive

 

[Ketchups]

IIRC, Valet mode disables the summon feature.

 

[Russell]

IIRC, Valet mode disables the summon feature.

Valet mode disables PIN to Drive.

 

[Ketchups]

Valet mode disables PIN to Drive.

so there's two ways to bypass PIN to drive..

 

[Russell]

so there's two ways to bypass PIN to drive..

Not exactly. I didn't word it correctly.
To enable Valet mode, you have to enter the PIN to Drive code then valets can drive the car without entering it again.


Anyways, I just got word from Tesla someone already submitted this bug. So no bounty for me

 

[SeBsZ]

I also encountered the bug where the car AC remained on after summon. I tried using the app to unlock and lock the car to no avail nor using the fob. I had to open and close the driver's door!

 

[npvisual]

Just found a bypass trick on accident. I summoned my car out of the garage and got into it. The car let me drive right away without asking for a pin code.

I used my key to summon the car.

Anyone else ever experience this?

Yes. I had noticed that as well for the Model X (2018.48.12.1). Came here to find out if anyone had seen this before and found your post.

Even more "interesting" is that the car doesn't actually need to "move". While seating in the car just press the key fob top for about 3 seconds until the mirrors fold back. At that point PIN-to-drive will be bypassed.

Guess that "someone" forgot to reactivate PIN-to-drive after Summon is aborted / finished ! Ah, pesky software bugs.

Note that it's been more than a month since this problem was apparently reported, as mentioned in some previous posts, but there's been no updates to resolve it.

Turning Summon OFF or turning ON "Continuous press mode" definitely prevents this bypass issue. But considering how terrible "Continuous press mode" is, might just as well turn Summon OFF until this is fixed.

N.

 

[MIT_S60]

Yes, and the last time I summoned my X it also kept the headlights and HVAC on until I walked up to it and opened/closed the door.

This annoys me, particularly when I use it to finish backing into a spot, but then I need to go back and open/close the door to get the lights to turn off.

 

[npvisual]

Yes. I had noticed that as well for the Model X (2018.48.12.1). Came here to find out if anyone had seen this before and found your post.

Even more "interesting" is that the car doesn't actually need to "move". While seating in the car just press the key fob top for about 3 seconds until the mirrors fold back. At that point PIN-to-drive will be bypassed.

Guess that "someone" forgot to reactivate PIN-to-drive after Summon is aborted / finished ! Ah, pesky software bugs.

Note that it's been more than a month since this problem was apparently reported, as mentioned in some previous posts, but there's been no updates to resolve it.

Turning Summon OFF or turning ON "Continuous press mode" definitely prevents this bypass issue. But considering how terrible "Continuous press mode" is, might just as well turn Summon OFF until this is fixed.

N.

It appears that rev 2018.50.6 might be fixing the lack of pin-to-drive request after a summon -- I just tested that today and I am being asked to enter the PIN after I have summoned the car.

However it doesn't seem to solve the case I described above, where the car doesn't need to actually be moved, but rather when sitting in the car, pressing the keyfob for 4 seconds allow you to drive without the PIN.

 

[PaulSeivert]

It appears that rev 2018.50.6 might be fixing the lack of pin-to-drive request after a summon -- I just tested that today and I am being asked to enter the PIN after I have summoned the car.

However it doesn't seem to solve the case I described above, where the car doesn't need to actually be moved, but rather when sitting in the car, pressing the keyfob for 4 seconds allow you to drive without the PIN.

This problem still exists. I just called Tesla about it. I didn't know about this thread before I called. Whenever I summon my Model Y with the key fob, I don't need to enter my PIN to drive.