
Key card thefts

I was reading Elon talking about how some ppl are stealing signals from keycards and amplifying them to be able to use the walk up function and steal people's cards. I was wondering -- is this weakness only with the key, or does it also extend to the Bluetooth phone connection? I imagine it isn't, but never heard any discussion of the phone, so want to clarify.
 
It likely applies to the Bluetooth keys too. It boils down to the simple concept that if the car is relying on signal strength to determine you are nearby, then an attacker can always use a repeater to relay the signal from your key to the car.

What is needed to avoid such attacks is time of flight checking — a relay signal still travels at the speed of light, so you can measure how far away the key really is.

There’s a lot required to implement a time of flight check securely, and standard Bluetooth stacks might be too jittery to accomplish that. And the phone keys are fairly standard Bluetooth since they work with a variety of smartphones using public APIs.
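The reasoning in the post above as a small numeric model. This is an added example, not part of the original thread, and the RSSI threshold, key processing time, relay delay and timer-uncertainty figures are constructed assumptions.

```python
# Added illustration: signal-strength vs. time-of-flight proximity checks.
# All numeric values below are constructed for the example.
C = 299_792_458.0  # speed of light in m/s

def rssi_check(rssi_at_car_dbm, threshold_dbm=-60.0):
    """Proximity by signal strength: passes for any sufficiently strong signal."""
    return rssi_at_car_dbm >= threshold_dbm

def round_trip_s(path_m, key_processing_s, relay_delay_s=0.0):
    """Challenge/response round trip over a radio path of path_m metres."""
    return 2.0 * path_m / C + key_processing_s + relay_delay_s

def tof_bound_m(rtt_s, key_processing_s):
    """Upper bound on the key's distance implied by the measured round trip."""
    return max(0.0, (rtt_s - key_processing_s) * C / 2.0)

def accept_limit_m(max_distance_m, timer_uncertainty_s):
    """Distance the car must tolerate so timing noise never locks out a nearby owner."""
    return max_distance_m + C * timer_uncertainty_s / 2.0

def tof_check(rtt_s, key_processing_s, max_distance_m, timer_uncertainty_s):
    limit = accept_limit_m(max_distance_m, timer_uncertainty_s)
    return tof_bound_m(rtt_s, key_processing_s) <= limit

KEY_PROCESSING_S = 100e-6   # assumed fixed, known reply latency of the key
MAX_DISTANCE_M = 2.0        # assumed walk-up unlock radius
SCENARIOS = {               # constructed sample situations
    "owner at 1 m": dict(path_m=1.0, relay_delay_s=0.0, rssi_dbm=-50.0),
    "key 30 m away, no relay": dict(path_m=30.0, relay_delay_s=0.0, rssi_dbm=-85.0),
    "key 30 m away, amplified relay": dict(path_m=30.0, relay_delay_s=50e-9, rssi_dbm=-50.0),
}

def evaluate(timer_uncertainty_s):
    """Run both checks over every scenario for a given timer uncertainty."""
    results = {}
    for name, s in SCENARIOS.items():
        rtt = round_trip_s(s["path_m"], KEY_PROCESSING_S, s["relay_delay_s"])
        results[name] = {
            "rssi_unlocks": rssi_check(s["rssi_dbm"]),
            "tof_unlocks": tof_check(rtt, KEY_PROCESSING_S, MAX_DISTANCE_M, timer_uncertainty_s),
            "tof_bound_m": round(tof_bound_m(rtt, KEY_PROCESSING_S), 2),
        }
    return results

if __name__ == "__main__":
    for label, unc in (("1 ns timer", 1e-9), ("1 us timer", 1e-6)):
        print(label, "-> accept limit %.1f m" % accept_limit_m(MAX_DISTANCE_M, unc))
        for name, r in evaluate(unc).items():
            print("  ", name, r)
```

With a nanosecond-grade timer the relayed key is bounded at about 37 m and rejected; with microsecond-level timing uncertainty the car has to accept anything within roughly 150 m, so the check no longer separates the owner from a relay.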
 
You've misinterpreted the story. The attack is a "relay" attack: someone uses a high-powered antenna attached to a computer that receives and re-broadcasts the Bluetooth signal from your phone. Your car receives this Bluetooth traffic and goes through the standard handshake and unlock procedure with the laptop acting as a middle-man so both devices can receive and send data to each other.

This has nothing at all to do with the key cards, which are RFID. To best attack an RFID system, the attacker would clone (copy) the RFID keycard. This can be made more difficult in many ways by using some kind of cryptographically confirmed one-time code that is sent to the vehicle. Every time the card would be used, the code would be changed, making it harder to copy the keycard and its function. Not impossible, but harder.

Bluetooth is the weakest link on any device right now, including a Tesla. If you keep your phone near your car when you're at home, or you're within a short enough distance that the signal could be repeated to the car, then turn your phone's Bluetooth off when not using it.
 
I honestly wouldn't worry about RFID blocking. RFID is a passive coil technology; the distance that RFID signals can be read is inversely proportional to the size of the reader's coil. Hopefully if someone is holding a 2 foot by 2 foot rectangular plate inches away from your butt to read through your wallet, you'd notice. If not, then please do worry about RFID relaying.

Bluetooth is much scarier for relay attacks. Bluetooth signals from a phone in your pocket easily travel 30+ ft in open air. So anyone within 30 ft with what amounts to a Wi-Fi antenna can capture and then relay that signal.

I really think Tesla should push-notify you every time that your car is unlocked by your phone key, much like how Apple Watch does when it unlocks your Mac. That doesn't solve the relay attack but at least makes you more immediately aware of something happening.
 
Push notify is a great idea. Also is there a passcode required to start a Model 3? Wouldn't be a bad second step verification.
 
Relay with the FOB.

So then someone doesn't have to stick a relay scanner on your butt? The other guy said this would be required for the FOB, where Bluetooth has a 30' range.

I'm just trying to get the below clear in my head & having trouble --

                                  Bluetooth    FOB/RFID
Hackable via relay scanner?       Yes/No       Yes/No
Preventable via blocker?          Yes/No       Yes/No
i.e. https://www.amazon.com/MONOJOY-Bloc...f664fae4610b9d41ee3ca3a0289129&language=en_US

If not preventable this way, then how? I.e., will placing the phone x feet from any exterior entrance to your home prevent theft? I can for sure say my phone won't unlock my car unless it's not more than ~10 feet away. Same can be said for scanners?
 
I lived in the UK and they said never to keep your keys near your front door because this was going on. They stand outside the door where most people have their keys. Relay fob to scanner near car that tricks it into thinking it's near.
 
Ahahahahahah

The first Tesla ever stolen in the US was in 2011. This provided a three-year window with no thefts, starting from the 2008 release of the Roadster.

Between 2008 and 2013 the total number of stolen Teslas was 4. That means that only four cars were stolen between two models (the Roadster and S) and six years.

LOL let's not get carried away here.
 
Have you read the articles about Europe? It's a thing there; the thieves over there just haven't yet trained the ones over here. And it's not a Tesla-specific issue. I also think given this is a hi-tech theft, using historical data to justify anything is pretty much irrelevant.
 
Honestly, the criminals in North America are on amateur night but we are starting to see them adopt some of the hi-tech theft and it's only going to accelerate.
 
Because an anecdote and a YouTube video are way better!

You know... all I wanted out of this post was basic information on what's hackable and what's not, how, and potential solutions for anything that is an issue. Sadly I've failed to get any of that. :(

A solution for the FOB is that $10 sleeve from Amazon, but I'm no closer to figuring out anything regarding the Bluetooth.