Welcome to Tesla Motors Club
Discuss Tesla's Model S, Model 3, Model X, Model Y, Cybertruck, Roadster and More.
Register

Preventing hacking/stealing (OBD2, fob, etc.)

This site may earn commission on affiliate links.
caligula666

caligula666

Member
Mar 2, 2017
140
120
Switzerland
#1
I read through multiple threads and articles on the Model S security and the various iterations it went through and I’d like to make sure my understanding is proper.

First, there is the ability to clone a key fob. V1 keys are 40 bits and easy to clone. V2 keys are 80 bits and, while a previous implementation was really a 2x40bits, it is now a proper 80 bits one that should make it resistant to cloning. Depending on your usage (where you live, etc.) this might or might not be much of an issue. V1 holders must buy v2 keys if they want one. Keeping your keys in a faraday cage (metallic box, aluminium sheet, etc.) prevents the hack.

Then there is the relay hack whereby a hacker can use an antenna to get close to your fob and put another relay near your car, essentially mimicking the key being close to the car, and opening the car. That is an issue with both v1 and v2 fobs. To prevent it, you can use the faraday cage trick, put a PIN on your car (to restrict usefulness of attack) or disable the opening of the car upon key detection.

What’s not clear to me now, is, considering a hacker got into your car (using the previous trick for example), can they use the OBD2 port to get it to start despite a PIN code for example? Is there any use in putting a OBD lock? Any advice there?

Any other advice?

Thanks
 
#2
caligula666 said:
...can they use the OBD2 port to get it to start despite a PIN code for example? Is there any use in putting a OBD lock? Any advice there?...
Click to expand...
I think if you give people enough time like hours, days, weeks, months, and years, they can eventually steal your car by defeating the onboard electronic system.

In theory, I think it's possible to steal a car by physically accessing the onboard electronics but I am not sure it's practical enough to defeat Tesla's Pin-to-drive because it might take some time.

I've never heard of stealing Tesla by using the OBDII port. In Tesla, I don't think it gives you any useful information. Instead, you need to access another kind of port called CAN Bus to get some useful diagnostic information.

I have not heard anyone could defeat Tesla's Pin-to-drive either.
 
  • Like
Reactions: caligula666
#3
www.businessinsider.com

The 20 cars nobody wants to steal in the US

These are the 20 least stolen cars in the United States, according to a study published by the Highway Loss Data Institute.
www.businessinsider.com www.businessinsider.com
www.hotcars.com

13 Cars That Are Almost Impossible To Steal

These new and used vehicles, including luxury cars and EVs, have advanced technology features to protect them from theft.
www.hotcars.com www.hotcars.com
www.forbes.com

These Are The 10 Least Stolen Cars On The Road

Popular with motorists, they’re the models most shunned by thieves.
www.forbes.com www.forbes.com
 
#4
Tam said:
I think if you give people enough time like hours, days, weeks, months, and years, they can eventually steal your car by defeating the onboard electronic system.

In theory, I think it's possible to steal a car by physically accessing the onboard electronics but I am not sure it's practical enough to defeat Tesla's Pin-to-drive because it might take some time.

I've never heard of stealing Tesla by using the OBDII port. In Tesla, I don't think it gives you any useful information. Instead, you need to access another kind of port called CAN Bus to get some useful diagnostic information.

I have not heard anyone could defeat Tesla's Pin-to-drive either.
Click to expand...
Yes, thanks for the feedback. I should have made it clear: I’m interested to hear about hacking strategies that would be implemented in a few minutes (after which, unless your car was specifically targeted probably for other reasons, an average hacker would move on to another target). In Europe in particular, OBD-type of attacks seem pretty frequent on cars (not Tesla) so I was wondering whether it would be easy for a hacker, once (s)he has physically entered the car (by breaking a window for example), to start the car through a OBD-type of attack.
 
#5
caligula666 said:
Yes, thanks for the feedback. I should have made it clear: I’m interested to hear about hacking strategies that would be implemented in a few minutes (after which, unless your car was specifically targeted probably for other reasons, an average hacker would move on to another target). In Europe in particular, OBD-type of attacks seem pretty frequent on cars (not Tesla) so I was wondering whether it would be easy for a hacker, once (s)he has physically entered the car (by breaking a window for example), to start the car through a OBD-type of attack.
Click to expand...
Tesla OBDII is useless for thieves.

Most of Tesla stolen are the result of fob/phone access: Physically the most like leaving phone/fob inside the car or less frequently: virtually by remotely amplifying the fob signal nearby.

None have demonstrated PIN-to-Drive defeat.

None have demonstrated by physically accessing the Tesla onboard electronics. I guess it's possible to do that but no thieves have transmitted their knowledge of how to do that within a reasonable time like half of an hour.

So, for a practical purpose, as long as you use Pin-to-drive, you should be ok.
 
  • Like
Reactions: caligula666
#6
Tam said:
Tesla OBDII is useless for thieves.

Most of Tesla stolen are the result of fob/phone access: Physically the most like leaving phone/fob inside the car or less frequently: virtually by remotely amplifying the fob signal nearby.

None have demonstrated PIN-to-Drive defeat.

None have demonstrated by physically accessing the Tesla onboard electronics. I guess it's possible to do that but no thieves have transmitted their knowledge of how to do that within a reasonable time like half of an hour.

So, for a practical purpose, as long as you use Pin-to-drive, you should be ok.
Click to expand...
Thanks Tam!
 
#7
Actually, PIN-to-drive is simple to bypass.

Tesla has gotten very good at security with their bug bounty program and those who are willing to betray secrets. (Looking at you, WhizKid)

Once a relay attack is used their SBC replays the rolling key so the fob is no longer needed.

Best thing you can do is throw the fob into a deep metal bowl, put it in a shielded pouch, or wrap it in aluminum foil. And Tesla has a duty to monitor for and block repeated attempts.

As to your phone, well, most ppl's opsec is hopeless. At least consider a firewall like AFWall+ in F-Droid, although even that only operates on a per-app basis.
 
  • Like
Reactions: Russell
#8
You can buy protectors that fit inside your fob that stop sending keyless signal if no motion is detected. Cost little more than a tin can but gives you some extra safety feeling without losing comfort.

audi-type-1.jpg
 
Last edited:
#9
rooter said:
Actually, PIN-to-drive is simple to bypass.
Click to expand...
What do you mean? Well, I know what you mean :) but are you talking about an easy to execute OBD2 type of device that can disable the PIN or are you talking about something more engaged, such as rooting the car, etc. ? Because, if that part is easy, then the key part is slightly irrelevant as breaking a window to get in would be as easy and the alarm noise would only need to last the time of executing an automated attack, which would be fast.
 
#13
If a thief is able to get a techs username password he can use their software I think and open/start your car remotely. I think that would be possible since the techs can open your car when your not there. Maybe Tesla has more security features implemented if a techs account is compromised.


How is pin code bypassed? I thought I was pretty safe using it?
 
#15
caligula666 said:
Nice, have you tried it with a Tesla? Are you happy about it?
Click to expand...
Yes it's working perfect, only when you forget to remove your key from your car you now have to use your phone to unlock it because your key is in 'sleep mode'. Never tried to rock my car to awaken the key, definitely will try that next time.

I know some OEM's already have implemented this tech into their fob.
 
  • Like
Reactions: caligula666
#16
rooter said:
Actually, PIN-to-drive is simple to bypass.

Tesla has gotten very good at security with their bug bounty program and those who are willing to betray secrets. (Looking at you, WhizKid)

Once a relay attack is used their SBC replays the rolling key so the fob is no longer needed.

Best thing you can do is throw the fob into a deep metal bowl, put it in a shielded pouch, or wrap it in aluminum foil. And Tesla has a duty to monitor for and block repeated attempts.

As to your phone, well, most ppl's opsec is hopeless. At least consider a firewall like AFWall+ in F-Droid, although even that only operates on a per-app basis.
Click to expand...

I have been able to bypass PIN to drive. Myself and others, submitted the bug years ago. You probably aware only recently it has been resolved.
 
  • Helpful
Reactions: caligula666
You must log in or register to reply here.

Similar threads

tps5352
Problem With Model X Automatic (Self-Presenting) Door Feature -- Fix and Settings Summary
Replies
11
Views
846
Model X: Interior & Exterior
tps5352
tps5352
geordi
6 days - that's how long the fob battery lasts
Replies
30
Views
3K
Model X
TOBASH
TOBASH
S
Model Y Basic Car Wash Advice Needed
Replies
18
Views
7K
Model Y: Interior & Exterior
jcanoe
J
R
  • Article
Model 3 Tow Hitch Installation - EcoHitch and near Factory Wiring
Replies
19
Views
1K
Model 3
davidalindsey
D
P
Model S Plaid leaves me stranded; almost 30 days in service - No lemon law. What now?
Replies
54
Views
8K
Model S
TSLA Pilot
T
Top
Back
Blog
New
Forum list
Marketplace
Menu