Keyless Theft

[Durzel]

I prefer the added security of P2D & frequently polish the screen (using fingerprint smudges it might be possible to guess which numbers to try).

You make a good point there.

The only thing slightly more secure about the touchscreen is that it’s used for other things so it’s likely fingerprints would be all over it rather than conspicuously just 5 locations (4 numbers and “Allow”)

Tesla could randomise the order of the numbers on the PIN entry screen, allow more digits, add an exponential delay with every wrong guess after 3 attempts etc (I assume it allows as many as you want?), etc. All trivial stuff. It actually happening seems unlikely though, given stuff like gapless music playback has been missing for years.

As it happened I recently noticed when I was in the upstairs bathroom and randomly on the Tesla app that it said “Phone Key - Connected”. Was quite surprised, and alarmed. I must’ve been a good 7 metres from the car. I assumed it only worked at very limited range.

 

[Bootneckshuffl]

A few posts saying Bluetooth relay is impossible. It may be harder to do but it’s not impossible. We just don’t see it in the wild because the thrives are using old tech on different frequencies. It’s only a matter of time.

If it becomes a thing, I’ll setup Apple Shortcuts to turn off Bluetooth overnight. In the meanwhile carry on regardless.

Good shout that

 

[Bootneckshuffl]

You make a good point there.

The only thing slightly more secure about the touchscreen is that it’s used for other things so it’s likely fingerprints would be all over it rather than conspicuously just 5 locations (4 numbers and “Allow”)

Tesla could randomise the order of the numbers on the PIN entry screen, allow more digits, add an exponential delay with every wrong guess after 3 attempts etc (I assume it allows as many as you want?), etc. All trivial stuff. It actually happening seems unlikely though, given stuff like gapless music playback has been missing for years.

As it happened I recently noticed when I was in the upstairs bathroom and randomly on the Tesla app that it said “Phone Key - Connected”. Was quite surprised, and alarmed. I must’ve been a good 7 metres from the car. I assumed it only worked at very limited range.

That distance thing seems a bit random my end. I can be a few metres away and it’ll lock, other times be double that and more away before it locks

 

[pharwood]

You make a good point there.

The only thing slightly more secure about the touchscreen is that it’s used for other things so it’s likely fingerprints would be all over it rather than conspicuously just 5 locations (4 numbers and “Allow”)

Tesla could randomise the order of the numbers on the PIN entry screen, allow more digits, add an exponential delay with every wrong guess after 3 attempts etc (I assume it allows as many as you want?), etc. All trivial stuff. It actually happening seems unlikely though, given stuff like gapless music playback has been missing for years.

As it happened I recently noticed when I was in the upstairs bathroom and randomly on the Tesla app that it said “Phone Key - Connected”. Was quite surprised, and alarmed. I must’ve been a good 7 metres from the car. I assumed it only worked at very limited range.

The position of the PIN keypad changes on my screen. It is not always in the same place. I wonder if this is to prevent repeated fingerprints in the same spots?

 

[Dilly]

The position of the PIN keypad changes on my screen. It is not always in the same place. I wonder if this is to prevent repeated fingerprints in the same spots?

I’ve noticed that too

 

[EVMeister]

A few posts saying Bluetooth relay is impossible. It may be harder to do but it’s not impossible. We just don’t see it in the wild because the thrives are using old tech on different frequencies. It’s only a matter of time.

If it becomes a thing, I’ll setup Apple Shortcuts to turn off Bluetooth overnight. In the meanwhile carry on regardless.

I wasn't trying to suggest it was impossible, but more as you suggest that it doesn't work with the current relay attack which is designed to amplify RFID signals. It isn't the first time this has been discussed here - Relay Hack for Model 3. I agree with @Tony Hoyle that if it does become "a thing" then there are various mitigating steps Tesla could take and they may have taken some of these already.

 

[Bootneckshuffl]

I wasn't trying to suggest it was impossible, but more as you suggest that it doesn't work with the current relay attack which is designed to amplify RFID signals. It isn't the first time this has been discussed here - Relay Hack for Model 3. I agree with @Tony Hoyle that if it does become "a thing" then there are various mitigating steps Tesla could take and they may have taken some of these already.

Thanks for the info, appreciate it

 

[Latibes]

PIN to drive screen position changes on each use! Stops localisation of finger prints!

 

[UrbanSplash]

I thought I was going mad thinking the pin screen moves

I pin lock too but sometimes wonder what methods would be used to extract the pin from you if the rats have broken into your house.

 

[NorfolkMustard]

The Tesla chap on collection day made a point of explaining that they purposely made the pin pad move so it’s hard to tell which numbers are relevant.

 

[richrootes]

Buy a house with a garage

Then, park your car in the garage - don’t fill it with junk like 90% of my neighbours have

 

[davyjohns]

I presume there’s no such delay in the M3. If there were, that would likely make any little brats give up

Keyed in the wrong pin once. Error message came up (can't remember now). Had to use keycard to gain access.
Have use PIN since day one.

I prefer the added security of P2D & frequently polish the screen (using fingerprint smudges it might be possible to guess which numbers to try).

The input box moves around the screen to make it more difficult to guess the numbers by smudges. But still worth doing.

 

[Bigknd]

When I first got the car my neighbours couldn't get their heads around the fact that I got in & drove off instantly without 'turning anything on'. Since then I sit pressing the screen & it takes a little longer but feels more secure.

I prefer the added security of P2D & frequently polish the screen (using fingerprint smudges it might be possible to guess which numbers to try).

Also Tesla have thought of the finger prints and move the keypad around the screen each time so you would never be able to guess what numbers have been put in.

 

[Durzel]

The position of the PIN keypad changes on my screen. It is not always in the same place. I wonder if this is to prevent repeated fingerprints in the same spots?

Didn’t know that, thanks. I’ve yet to enable P2D.

 

[Drew57]

Great to know that the pin keypad moves, thanks for the replies, I hadn't looked that closely (..still wipe the screen to keep it smear free anyway)

 

[LongRanger]

Pin to drive entry on phone app / watch would be helpful

 

[hingus2000]

As it happened I recently noticed when I was in the upstairs bathroom and randomly on the Tesla app that it said “Phone Key - Connected”. Was quite surprised, and alarmed. I must’ve been a good 7 metres from the car. I assumed it only worked at very limited range.

As far as I understand, the app saying “Key - Connected” is not the same as the car being unlocked.

It means the app is in Bluetooth communication range (which I assume it uses communicating actions directly such as opening the boot, as opposed to sending an instruction over the internet), but the car differentiates the Bluetooth signal strength required when they key is in very close proximity in order to unlock.

I’ve tested this by leaving my phone in the front room with the app saying “Key Connected” and trying to open the car doors. They won’t open.

 

[Adopado]

The position of the PIN keypad changes on my screen. It is not always in the same place. I wonder if this is to prevent repeated fingerprints in the same spots?

That's exactly the reason.

 

[Xenoilphobe]

Hire some cats to maul the scruffy little rats.

Get some Ring cameras, record everything and post it on the neighborhood cloud, so that if anything happens they will get busted, or go high end, with biometric identification and direct connect to law enforcement. In some areas (known high risk) they will give these out for free if you sign over full access to the cameras, in our state, you can grant LE full access to your Ring cameras without a warrant.

 

[darkNstormy]

Hire some cats to maul the scruffy little rats.

Get some Ring cameras, record everything and post it on the neighborhood cloud, so that if anything happens they will get busted, or go high end, with biometric identification and direct connect to law enforcement. In some areas (known high risk) they will give these out for free if you sign over full access to the cameras, in our state, you can grant LE full access to your Ring cameras without a warrant.

This is the UK. Not sure we have that kind of thing. Bobbies with whistles according to most American movies that have a UK location (even Bourne Ultimatum did this, much to my annoyance, an otherwise perfect movie)