Relay attack (in)security mitigations?

[Ritz]

Hello all. I haven't posted in quite a while. Wondering if anyone has the scoop on Tesla coming up with something more friendly than pin-2-drive as a mitigation for relay hacks to enter and operate our cars?

Mine is always garaged except when I'm out at a store or something so I'm not THAT concerned, so I'm just curious.

Best,

 

[stopcrazypp]

Hello all. I haven't posted in quite a while. Wondering if anyone has the scoop on Tesla coming up with something more friendly than pin-2-drive as a mitigation for relay hacks to enter and operate our cars?

Mine is always garaged except when I'm out at a store or something so I'm not THAT concerned, so I'm just curious.

Best,

I presume you are talking about this new one?
Technical Advisory – Tesla BLE Phone-as-a-Key Passive Entry Vulnerable to Relay Attacks

Tesla already had mitigating features previously (used to detect proximity) but this new relay attack renders those ineffective. It's very new, so given how Tesla works, I'm pretty sure Tesla does not have anything new yet (they responded pretty much this type of relay attack is expected and can't be completely prevented).

Other than the pin, another thing users can do is to disable Bluetooth when they leave their car for extended periods. The researchers suggested something similar, but for Tesla app to give option to either permanently or after 1 minute disable passive unlock (or more exactly ability to pull handle to unlock when phone is in proximity; walk up unlock is a bit different functionality which unlocks the doors as you walk up before you pull the handle which users can already disable). Also suggest using location data of the mobile phone as a way to detect proximity to car.

 

[afadeev]

Kinda yes.
It's called car insurance.