The key fob is the weak point for security - currently a non-issue since fobs are not yet available for the Model 3.
Is it still not available on the 3? I have version 9 and can't find it in settings.
Still not available because the Model 3 fobs aren't generally available yet. Support for Model 3 fobs is supposedly coming in 2018.42.x, so that's when PIN-to-Drive might come to the Model 3. Nothing has been confirmed yet.
Is the relay attack the same as signal boosting?
Earlier generation fobs are susceptible to relay attacks. Newer ones are not.
Maybe I am being dense, but if I am just amplifying the existing signal, how does challenge response or encryption help?
Yes, the idea is that a relay is used to boost/relay the signal of the original fob sitting in a nearby location to the car, so that the car thinks the fob is in the immediate vicinity.
I believe newer technology fobs use a challenge-response method as well as encryption to validate that the fob is who it says it is and is not a relay/booster.
Ah, so the relay isn't merely boosting the signal (think holding the fob to your chin to get greater range); it is also doing a man-in-the-middle attack, which the challenge/response + encryption prevents.
Imagine you are connecting to Amazon.com using an encrypted HTTPS session. Your PC makes an initial request of Amazon and Amazon generates a signed certificate with a secret key that only your PC and Amazon know about. This exchange is done over an encrypted connection.
Now, you insert a network capture device and capture all of this traffic in an effort to "spoof" your PC and make it look to Amazon like it's your PC talking to Amazon. This will not work because your capture device doesn't have the secret key (it was exchanged encrypted), and so Amazon is not "fooled" into thinking that device is your PC and can make purchases.
I believe that the newer keys work the same way. The communications are encrypted and there is a key exchange that happens so that the fob and car know each other with a secret pre-shared key, and there's no way for a "man in the middle" to fool the car into thinking it is the fob.
It is likely that this key exchange is done when you pair a fob to the car, and from that point on all of the communications are encrypted and the certificate key is then on the fob. No relay can recreate this encrypted certificate, so it will never fool the car into thinking it is the fob.
The car doesn't just say "I see the fob". The car interrogates the fob for the secret key when it thinks the fob is in proximity. The relay device doesn't have this key, and can't fool the car into thinking it's present. Just forwarding the encrypted packets isn't enough for this hacking method to work.
I am well aware of how asymmetric encryption works; however, I must admit I still share @diamond.g's lack of understanding.
My problem here is that there's a difference between _facilitating_ a dialog and _having_ a dialog. When you connect to Amazon, you just want to make sure you are getting a response from Amazon. The network hardware may relay that dialog as many times as needed without your awareness. The only things that are guaranteed are that (1) the information does come from the participants, and (2) the man in the middle does not see its content.
But a man in the middle can amplify it as many times as he/she wants without having access to the content, as long as both endpoints are willing to talk at all (and in fact it does, in the form of routers, backbones, satellites etc.).
Since the modern keyless-entry key fob is always in the mode "willing" to be talking to the car, instead of such a dialog being proactively initiated by a key press by the owner, it would seem signal amplification is still a problem, since the dialog between key fob and car can be facilitated at any moment without the owner's awareness.
By that logic, a Bluetooth connection should be just as vulnerable (although perhaps just harder to hack because of hardware availability and the fact that it has to be maintained all the while the vehicle is being driven). Perhaps challenge-response gives a solution to not being able to drive far away, but it would seem it should still be possible to gain control within the amplified area (i.e., to get in, although perhaps not to drive too far).
Qihoo's researchers suggest that carmakers and component companies like NXP could prevent the relay attack by requiring tighter timing constraints in the call-and-response communications between key and car. Relay the signal from too far, and those limits could prevent the fraudulent transmission from being accepted.
The other method to foil the attack falls to the car owner: Keep your keys in a Faraday bag that blocks radio transmissions—or, in a pinch, in a metal box, like a fridge, that performs the same function. Storing your keys in the equivalent of a tin-foil hat may sound paranoid. But if the Chinese researchers' work is any indication, attacks on automotive keyless entry systems may get significantly easier—and more common—before they get fixed.
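To make the two positions above concrete (the Amazon analogy saying the relay fails because it lacks the key, the reply saying a relay only needs to facilitate the dialog) and the timing fix the Qihoo researchers describe, here is an added simulation; it is not code from the thread, from Tesla or from any fob vendor. The shared key, the HMAC challenge-response, the microsecond delays and the 100 us bound are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

PAIRED_KEY = secrets.token_bytes(32)  # constructed: the secret shared at pairing time


def fob_response(key: bytes, challenge: bytes) -> bytes:
    """Fob side: HMAC the car's random challenge. The fob answers whoever asks; only the key is secret."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Link:
    """Direct radio path to a fob, with a fixed simulated round-trip time in microseconds."""
    def __init__(self, fob_key: bytes, rtt_us: int):
        self.fob_key, self.rtt_us = fob_key, rtt_us

    def exchange(self, challenge: bytes):
        return fob_response(self.fob_key, challenge), self.rtt_us


class Relay:
    """Two relay boxes forwarding car <-> fob traffic untouched: they never learn the key
    and never alter a byte, they only add forwarding delay on each hop."""
    def __init__(self, real_link: Link, hop_delay_us: int):
        self.real_link, self.hop_delay_us = real_link, hop_delay_us

    def exchange(self, challenge: bytes):
        response, rtt_us = self.real_link.exchange(challenge)
        return response, rtt_us + 2 * self.hop_delay_us


def car_authenticates(key: bytes, link, max_rtt_us=None) -> bool:
    """Car side: fresh challenge, verify the answer, and optionally require it to arrive
    within a round-trip bound that only a physically nearby fob can meet."""
    challenge = secrets.token_bytes(16)
    response, rtt_us = link.exchange(challenge)
    if not hmac.compare_digest(response, fob_response(key, challenge)):
        return False  # no key, no valid answer: a forging MITM is stopped here
    if max_rtt_us is not None and rtt_us > max_rtt_us:
        return False  # valid answer, but too slow to be nearby: reject as relayed
    return True


def demo() -> dict:
    """Constructed timings: real fob a few metres away (20 us RTT); each relay hop adds 500 us."""
    real_fob = Link(PAIRED_KEY, rtt_us=20)
    relay = Relay(real_fob, hop_delay_us=500)
    stranger = Link(secrets.token_bytes(32), rtt_us=20)  # right place, wrong key
    return {
        "stranger_without_key": car_authenticates(PAIRED_KEY, stranger),
        "relay_crypto_only": car_authenticates(PAIRED_KEY, relay),  # the honest fob answers for it
        "real_fob_with_bound": car_authenticates(PAIRED_KEY, real_fob, max_rtt_us=100),
        "relay_with_bound": car_authenticates(PAIRED_KEY, relay, max_rtt_us=100),
    }
```

The crypto alone rejects a device without the key but accepts the relayed honest fob; only the round-trip bound turns the relay's added latency into a rejection.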