Welcome to Tesla Motors Club
Discuss Tesla's Model S, Model 3, Model X, Model Y, Cybertruck, Roadster and More.
Register

Phone App v2.0 (FW v6.0)

This site may earn commission on affiliate links.
Maybe a future update will add phone notifications when an update it ready on your car. :)

The iPhone app does notifications of charging, charging stopped, etc. It's not that far of a stretch. :)

I'm very happy with the functionality. Would prefer valet to come sooner rather than later, but there's a lot of good stuff in here!
 
The iPhone app does notifications of charging, charging stopped, etc. It's not that far of a stretch. :)

I'm very happy with the functionality. Would prefer valet to come sooner rather than later, but there's a lot of good stuff in here!

I think that it is already implemented ... based on this post from the ios app thread

Edit: looks like I am responding to the request for valet but was referring to the firmware update notification request.
 
Last edited:
Tesla Model S App Updated for 6.0 w/ Keyless Drive Feature

Not sure how many have already noticed this, but when I woke up this morning, I discovered the Tesla (iPhone) app had automatically updated for support with the new (keyless & calendar) features thought to be in 6.0. The app will also notify users/owners when new Model S firmware updates are available. Here's the changelog:
tesla-update.jpg
 
Last edited:
That's not actually the point. Think about it this way:

Another bad practice is to require users to rotate password too often. Sounds good on paper. People should be more secure because old passwords will have a limited life, and users will need to use more complex passwords instead of using the same password everywhere.

But in the real world all it does is encourage users to write down passwords they can't remember, or use password that are as simple as they can get away with so they can remember them. Overall is lowers the security of a system.

Same goes here. Most users will just be annoyed by this and use a password that is simpler than they would have otherwise. The end result may be compromised Tesla accounts. The press around it won't blame the users for using bas passwords, it will blame Tesla for having a system that was compromised.

Pass phrases are the way to go. When I was a systems administrator I set the password policy to a minimum 12 characters. I didn't care about case or numbers or symbols. Every character you add to the phrase exponentially makes the password more secure. A 12 char pass phrase with all lower case letters is way more secure than 11 char forcing to use mixed case, numbers, and symbols.

Using this methodology you could make your pass phrase "you will never guessmy password" and no one or clustered supercomputer ever will crack it. Even using dictionary based methods it would be near impossible. Omitting one space makes dictionary attacks completely impossible.

Brute force will always crack 3hjD;kR7 in less than 6 hours. Which one will your brain easily remember?

Changing passwords once a year is smart incase somehow yours got fished. But if they are all the same long pass phrase with out case requirements, it's no big deal.
 
Brute force will always crack 3hjD;kR7 in less than 6 hours. Which one will your brain easily remember?

which one will be faster to enter on a mobile device keyboard without swype when your fingers are 3x the size of the miniature keys? :)

Perhaps this shouldn't devolve into a password vs. passphrase vs. two-factor biometrics, etc. conversation and stick to the functionality implemented on the app and with 6.0. I'm not a fan of having to re-enter my password, or a passphrase, or anything to start my car beyond my mobile device's existing security.
 
Omitting one space makes dictionary attacks completely impossible.

Just thought I'd point out that omitting any number of spaces from only six words only makes it 32 times more difficult to brute force (for each of the five spaces between the words, the space would either be present or not present, thus yielding 2^5 combinations of spaces). Given the math of how difficult it is to crack six words that are all within the top 2,000 most used words (it's very difficult, see math below), multiplying by 32 doesn't change the result much. It's probably unnecessary.

Math:

Assuming "3hjD;kR7" takes 6 hours to crack, that means a computer can crack (26+26+10+10)^8 combinations in 6 hours. That means it can check 2,888,816,545,234,944 passwords per day.

Using 6 of the most common 2,000 words is 2000^6 = 64,000,000,000,000,000,000 combinations.

64,000,000,000,000,000,000 / 2,888,816,545,234,944 = 22,154.

So it would take 22,154 days (or about 61 years) to crack your password, even if you used exactly one space between each letter. Making it take 32 times longer doesn't really matter too much at that point, especially if you change your password every year or two. Plus, the people trying to crack your password are going to try for, at most, an hour brute forcing your password. Then they'll move on to the next guy's password (assuming they got all their data in a batch, which they probably would).

Only if someone with a good computer or cluster of computers is targeting you specifically (i.e. you're a celebrity or political figure) would additional security be worth it. In that case, I would add two more words, thus making it 4 million times harder to crack, as opposed to removing random spaces (which would probably be harder to remember).

Here's a link to the top 2,000 words in English (I found this during my research, and thought it was interesting):
Top 2000 English Vocabulary Words used in Speaking
 
Unfortunately it will only encourage people to use simple passwords on their account. This is textbook bad security. I though they hired some security expert out from Apple? They should know better.

I don't understand the issue. In order to start your car, a thief would need the Tesla app as well as your login ID and password. How would a thief know your login ID? And then if they do, they would have to guess the password by brute force... using a smartphone app. A lot would need to happen, it seems, before a thief can remote start your car. And even if it were to happen, there is plenty of information that has exchanged hands that would make it relatively easy to identify the attacker.

I am not that concerned.
 
I don't understand the issue. In order to start your car, a thief would need the Tesla app as well as your login ID and password. How would a thief know your login ID? And then if they do, they would have to guess the password by brute force... using a smartphone app. A lot would need to happen, it seems, before a thief can remote start your car. And even if it were to happen, there is plenty of information that has exchanged hands that would make it relatively easy to identify the attacker.

I am not that concerned.

Thank you! I couldn't agree more. Now back to 6.0.
 
I am very confident that this will be updated in the future. The Tesla app will allow TouchID (on at least in iOS) instead of having to manually input your password to start the car. I think as is its an okay first iteration that will improve over time.

I'm hoping they also support 1Password's extension protocol in iOS 8 to retrieve the password from there: Our 1Password App Extension for iOS 8 is already supported by over 100 apps, here are nearly 20 | Agile Blog