TMC is an independent, primarily volunteer organization that relies on ad revenue to cover its operating costs. Please consider whitelisting TMC on your ad blocker and becoming a Supporting Member. For more info: Support TMC

Key Fobs w/BLE = Security Issue with DoD?

Discussion in 'Model S' started by dbldwn02, Nov 10, 2019.

  1. dbldwn02

    dbldwn02 Member

    Joined:
    Oct 6, 2017
    Messages:
    331
    Location:
    Colorado Springs
    Long story short, I got an e-mail from someone "up the chain" in the Air Force, saying we can't bring Tesla or BMW i8 keys into work anymore because of the Bluetooth in them. I have a May 2017 75D. I didn't know my keyfob had BLE but I guess Tesla started working with this back in 2016.

    Does anyone know a good argument explaining how our fobs are like any other fob, or do I have to leave my key in the car from now on? (Which would be mildly inconvenient)

    Thanks!
     
  2. Superendo

    Superendo Member

    Joined:
    Jul 11, 2017
    Messages:
    381
    Location:
    Nijmegen
    For a solution: carry your key in a faraday cage to work. A tin can will probably be good enough.

     
    • Funny x 2
  3. dbldwn02

    dbldwn02 Member

    Joined:
    Oct 6, 2017
    Messages:
    331
    Location:
    Colorado Springs
    I like your creativeness but there's no way I'm going to get security to buy off on it.
     
  4. croman

    croman Active Member

    Joined:
    Nov 21, 2016
    Messages:
    4,595
    Location:
    Chicago, IL
    Only X I think has BLE and model 3. I thought S uses something else that is standard.
     
  5. dbldwn02

    dbldwn02 Member

    Joined:
    Oct 6, 2017
    Messages:
    331
    Location:
    Colorado Springs
    That's my hope but I'm still looking for something concrete that I can send back.
     
  6. murphyS90D

    murphyS90D Member

    Joined:
    Jul 2, 2016
    Messages:
    599
    Location:
    Horsham, PA
    Model S keyfobs are not bluetooth. They transmit on 315 MHz and receive on a low band frequency that I don't know. The signal from the car to the keyfob is so weak that it doesn't work if more than 10 feet from the car.

    Open your keyfob and remove the battery. There is a frequency sticker and the FCC ID number. Look up the FCC ID number on the FCC website and it will tell you all about the circuitry including the schematic diagram.

    315 MHz is a standard frequency for a garage door opener remote and is probably used by most cars for their keyfobs since the manufacturers buy the circuitry from one of their suppliers.

    Bluetooth is at 2.4 GHz.
     
    • Informative x 3
    • Like x 2
  7. brkaus

    brkaus Well-Known Member

    Joined:
    Jul 8, 2014
    Messages:
    7,152
    Location:
    Austin, TX
    What is their concern? I'm guessing they scan for bluetooth and that gives them false positives? If that is the case, a faraday bag might be a viable solution?

    I do agree that a 2017 model S key is not bluetooth. Not sure about the current model S line or the X line. The model 3 keys are bluetooth to the best of my memory.
     
  8. dbldwn02

    dbldwn02 Member

    Joined:
    Oct 6, 2017
    Messages:
    331
    Location:
    Colorado Springs
    It's all about communications security. No two way comm devices allowed in the building. My guess?...Someone at HQ saw a news story about Teslas and BMW electrics having bluetooth in their fobs so he puts a ban on all Tesla/BMW keys. The e-mail was written in a way that poo-poos electric cars so he probably has an agenda. I just need some concrete proof that my key doesn't have BT. I think this document should cover it.
    https://apps.fcc.gov/eas/GetApplicationAttachment.html?id=1725086
     
  9. brkaus

    brkaus Well-Known Member

    Joined:
    Jul 8, 2014
    Messages:
    7,152
    Location:
    Austin, TX
  10. Ostrichsak

    Ostrichsak Active Member

    Joined:
    Sep 6, 2018
    Messages:
    2,799
    Location:
    Colorado, USA
    Whomever is making this rule is acting on poor intel at best and at worst has an agenda they're forcing onto everyone under them via some real BS.
     
    • Like x 1
    • Disagree x 1
  11. krsgio

    krsgio Member

    Joined:
    Nov 8, 2018
    Messages:
    254
    Location:
    Colorado
    Govt overreacting about something they don't understand? Shocker.
     
    • Funny x 2
    • Like x 1
    • Disagree x 1
    • Love x 1
  12. aerodyne

    aerodyne Active Member

    Joined:
    Nov 19, 2018
    Messages:
    1,479
    Location:
    Los Angeles
    I remember when they tried to ban cell phones with cameras way back. That did not work out too well.
     
    • Disagree x 2
  13. dbldwn02

    dbldwn02 Member

    Joined:
    Oct 6, 2017
    Messages:
    331
    Location:
    Colorado Springs
    I'm going with the agenda option. The first part of the e-mail reads, "So you bought a BMW i8 or a Tesla? Congrats on your success in life! However, you can't bring these keyfobs into work anymore..."

    Someone's jealous...
     
    • Like x 1
    • Disagree x 1
  14. beatle

    beatle Member

    Joined:
    Aug 31, 2019
    Messages:
    601
    Location:
    Springfield, VA
    Sounds like it to me. There was a lot of activity about a year ago where I work (also a government building) and they were doing sweeps. I even got a brief stinkeye for my calculator watch (LOL!) You were able to get things like fitness trackers approved if you had some kind of documentation. That didn't apply to me so I didn't bother. No issue with car key fobs.
     
  15. Xenoilphobe

    Xenoilphobe Active Member

    Joined:
    Jan 2, 2014
    Messages:
    4,534
    Location:
    Fairfax County, Virginia
    #15 Xenoilphobe, Nov 10, 2019
    Last edited: Nov 10, 2019
    Update, it looks like Tesla filed two BLE enabled FCC applications. You need to pull the battery cover - it has either of these two FCC codes it is BLE enabled.

    I'll ask our guys at work to provide me the BLE policy on Tuesday and provide an update. It looks like this BLE chip is the issue, but not sure how it would be an issue in a fob.... Bleedingbit: Critical vulnerabilities in BLE chips expose millions of access points to attack - Help Net Security


    FCC ID 2AEIM-1133148 Car Key Fob with BLE by Tesla Motors, Inc (filed 9 July 2018)

    FCC ID 2AEIM-1048598 Keyfob with BLE functionality by Tesla Motors, Inc (filed 5 Nov 2015)

    General Wireless Policy Security Technical Implementation Guide

    Bluetooth/Zigbee Security Technical Implementation Guide (STIG)

    General Wireless Policy Security Technical Implementation Guide

    Overview
    Version Date Finding Count (10) Downloads
    1 2012-09-21 CAT I (High): 3 CAT II (Med): 3 CAT III (Low): 4 Excel JSON XML
    STIG Description
    This STIG provides policy, training, and operating procedure security controls for the use of wireless devices and systems in the DoD environment. This STIG applies to any wireless device (such as WLAN Access Points and clients, Bluetooth devices, smartphones and cell phones, wireless keyboards and mice, and wireless remote access devices) used to store, process, transmit or receive DoD information.
    Available Profiles



    Findings (MAC III - Administrative Sensitive)
    Finding ID Severity Title Description
    V-12072 High Wireless devices must not be allowed in a permanent, temporary, or mobile Sensitive Compartmented Information Facilities (SCIFs), unless approved by the SCIF Cognizant Security Authority (CSA) in accordance with Intelligence Community Directive 503 and Director Central Intelligence Directive (DCID) 6/9, the DAA, and the site Special Security Officer (SSO). Emanations from computing devices in the secured area may be transmitted or picked up inadvertently by wireless devices.
    V-8283 High All wireless systems (including associated peripheral devices, operating system, applications, network/PC connection methods, and services) must be approved by the approval authority prior to installation and use for processing DoD information. Unauthorized wireless systems expose DoD networks to attack. The DAA and appropriate commanders must be aware of all wireless systems used at the site. DAAs should ensure a risk assessment for ...
    V-19813 High Computers with an embedded wireless system must have the radio removed before the computer is used to transfer, receive, store, or process classified information. With the increasing popularity of wireless networking, most laptops have wireless NICs installed on the laptop motherboard. Although the system administrator may disable these embedded NICs, the ...
    V-14894 Medium All wireless network devices, such as wireless Intrusion Detection System (IDS) and wireless routers, access points, gateways, and controllers must be located in a secure room with limited access or otherwise secured to prevent tampering or theft. DoD data and the network could be exposed to attack if wireless network devices are not physically protected. The Network Security Officer (NSO) will ensure all wireless network devices (i.e., ...
    V-15782 Medium DAA must approve the use of personally-owned or contractor-owned PEDs used to transmit, receive, store, or process DoD information. The use of unauthorized personally-owned wireless devices to receive, store, process, or transmit DoD data could expose sensitive DoD data to unauthorized people. The use of personally-owned PEDs ...
    V-12106 Medium Wireless devices must not be operated in areas where classified information is electronically stored, processed, or transmitted unless required conditions are followed. The operation of electronic equipment and emanations must be controlled in and around areas where sensitive information is kept or processed. Sites should post signs and train users to this ...
    V-13982 Low All users of mobile devices or wireless devices must sign a user agreement before the mobile or wireless device is issued to the user and the user agreement used at the site must include required content. Lack of user training and understanding of responsibilities to safeguard wireless technology is a significant vulnerability to the enclave. Once policies are established, users must be trained to ...
    V-8297 Low Wireless devices connecting directly or indirectly (i.e., ActiveSync, wireless, etc.) to the network must be included in the site System Security Plan (SSP). The DAA and site commander must be aware of all approved wireless devices used at the site or DoD data could be exposed to unauthorized people. Documentation of the enclave configuration must ...
    V-8284 Low The site IAO must maintain a list of all DAA-approved wireless and non-wireless PED devices that store, process, or transmit DoD information. The site must maintain a list of all DAA-approved wireless and non-wireless PEDs. Close tracking of authorized wireless devices will facilitate the search for rogue devices. Sites must keep good ...
    V-28314 Low If DAA has approved the use of personally-owned or contractor-owned PEDs, the owner must sign a forfeiture agreement in case of a security incident. The use of unauthorized personally-owned or contractor-owned wireless devices to receive, store, process, or transmit DoD data could expose sensitive DoD data to unauthorized people. The use of ...
     
    • Informative x 1
  16. esrandl

    esrandl Member

    Joined:
    Jan 14, 2018
    Messages:
    36
    Location:
    Evans, GA
    Retired two years ago, so understand what you are dealing with. It is totally on limits to restrict certain devices (bluetooth, cell, etc) and you really can't fight that.

    don't know exact facility you are at, but some places have lockers for phones, etc before going through security. Check, there might be a simple solution.

    I don't think the model S keys are bluetooth either as several have pointed out. A kind response to someone in the chain is reasonable to educate them but be polite and don't get yourself in the dog house.

    If you really want to go for it if you can't solve with above, go to IG and discuss it with them (assuming you can concretely document it is not bluetooth and chain of command has already been made aware but did not make adjustment). Do NOT tell anyone you are discussing with IG and get advice from IG before proceeding further. Like above paragraph, be cautious. You may win the battle but lose the war... tread lightly.

    Edit; excellent response posted just above mine as I was writing.
     
    • Informative x 1
  17. Big Toys

    Big Toys Member

    Joined:
    Jan 19, 2019
    Messages:
    533
    Location:
    Florida
    #17 Big Toys, Nov 11, 2019
    Last edited: Nov 11, 2019
    Forget it. No base Commander is going to risk p***ing off someone up the chain just because *you* show up with facts, have a solid argument against the policy, go thru IG, etc. Second guessing the policy opens the door to every knucklehead with a disagreement. It's simply too much effort and too high a risk to undo. You will rock the boat for a losing cause, and you know what happens to boat-rockers.
     
    • Like x 1
  18. ewoodrick

    ewoodrick Well-Known Member

    Joined:
    Apr 13, 2018
    Messages:
    5,283
    Location:
    Buford, GA
    No, they are making the rules because of very knowledgeable information. You can't take a cellphone inside or most any receiver or transmitter.

    There's often receivers sitting around that look for any foreign transmissions
     
    • Like x 1
    • Funny x 1
  19. drklain

    drklain Active Member

    Joined:
    Dec 17, 2016
    Messages:
    1,004
    Location:
    Scottsdale, AZ/Fairfax, VA/Brussels, BE
    Agreed. I think people are reading things into the "announcement email" that isn't there. Having spent 26 years in the military and another 10 as a contractor, all working in some of the most classified places our government has and with a final assignment as a Chief of Staff for an agency where the entire building was a SCIF, I can offer some insight.

    The "so you bought a BMW or a Tesla, Congrats!" line does NOT read to me like someone with an agenda. I signed off on similar emails/announcements in the past. In my experience it was always an attempt to be a little more human and not issue a military order-speak announcement (i.e., "All personnel who own BMWs or Teslas meeting the following conditions are hereby notified that their keyfobs may no longer be brought into the facility....").

    Despite what many of you may believe, there are real vulnerabilities with certain electronic devices and ANYTHING that has the ability to transmit or receive information (including a Bluetooth keyfob) is prohibited from certain facilities for very specific and real possibilities. Yes, the probability of a compromise of information is very, very small, but that probability is enough to ban the devices when we are talking about some of our nation's most sensitive secrets. The probability of somebody being able to scrape together classified information off a CD burnt on classified computer with only a single UNCLASSIFIED file is small, but it is a real possibility (if you don't, know why, you need to read up on how Windows writes files to CDs and disks...that "empty" space isn't really empty).

    From what the OP is describing, it sounds as if you work in a SCIF. Unless it is totally different than any other SCIF I've ever seen, there are boxes outside where cellphones get placed and you can easily put your keyfob there as well. I formerly worked in a place where you could not only not bring cellphones in, you couldn't bring car key fobs of ANY kind into the facility (no, I won't tell you where it was or why). The facility did have lock-boxes to leave the items outside the building but there weren't enough of them. I got in the habit of leaving my cell-phone in the car (learned how to set call-forwarding to forward it to my desk line) and I got one of the those magnetic "hide a key" boxes and kept my keyfob in the box under the car. The reality was that, where this facility was and where the car was parked, the odds of anyone stealing something from my car if I left it unlocked with the key on the dashboard were effectively zero, and eventually I got sick of the magnetic box drill and just left my keyfob in the car and the car unlocked.

    For the OP, you an certainly take this issue up with your chain of command and show them what you have found. Be prepared that you very well may be told "interesting, but the answer is still no." Some of the reasons for bans on certain things within DOD are NOT what the public reasons (if any) that have been stated are. I know of at least one vulnerability that is still in a codeword compartment and unless you work in a very specific area, you almost certainly aren't read into that compartment (and likely no one else around you is either).

    Just my opinion, but this is not something I would take to an IG in an attempt to have the policy changed. Ask the question once and show them your information. If they say no, I would tread very lightly on pushing any harder on this as you may get attention you just don't want if you are doing TS/SCI work. If you'd like to discuss this further, I'm happy to chat -- PM me and I'll get you my email and cell phone number (I'm currently in the middle east for something but will be back in the US next week before heading out again in two weeks).

    all the best and congrats on your car!
     
    • Informative x 2
    • Like x 2
  20. Big Toys

    Big Toys Member

    Joined:
    Jan 19, 2019
    Messages:
    533
    Location:
    Florida
    Agree with above. As I said earlier, once these decisions are made there is little to no hope of going back. The Commander is not going to risk his career for you even if there is no risk at all. The inertia of going backward is insurmountable. Don't rock this boat or you will be passed over.

    For those unfamiliar with military thinking, it is so much easier to prevent mistakes than to explain mistakes. For example, one knucklehead private gets a DUI and the Commander orders all local bars off-limits for everyone, including officers.
     
    • Informative x 1

Share This Page

  • About Us

    Formed in 2006, Tesla Motors Club (TMC) was the first independent online Tesla community. Today it remains the largest and most dynamic community of Tesla enthusiasts. Learn more.
  • Do you value your experience at TMC? Consider becoming a Supporting Member of Tesla Motors Club. As a thank you for your contribution, you'll get nearly no ads in the Community and Groups sections. Additional perks are available depending on the level of contribution. Please visit the Account Upgrades page for more details.


    SUPPORT TMC