I was wondering whether anyone technical out there knew the answer to this. How easy is it to relay hack the Model 3 given that the card works at such low proximity and the app is connected via Bluetooth? I will be adding Pin to drive when it arrives but it’ll be interesting to know. Also, from people who already have delivery, if the car is on the drive and your phone on the window sill — is the car unlocked? Don’t want to disable Bluetooth every time I get home. edit: window sill as it’s the closest point in the house to the car.
You have to be really close for the doors to unlock, sometimes I have to wave my trouser pocket at the door which can look a bit odd! So I would say within a meter of the car, definitely less not more.
Relay of the card is almost impossible, it has no active power source. You'd need a bloody big antenna to activate it at any distance. Relay of bluetooh requires specialised hardware and hasn't been done in the wild as far as I'm aware.. there are a number of mitigations possible if it becomes a thing in the future (verify GPS location, disable BT radios when the phone is not moving, latency measurements, that kind of thing).. The car won't open the door unless the bluetooth device is less than a couple of feet away. Not sure how it determines that but I can leave my phone in the living room right next to the car & well within bluetooth range, and it won't open.
Call me paranoid but I feel more secure using Keycard only along with pin to drive. Any kind of easy entry seems open to attack albeit Bluetooth being more secure than traditional key fobs.
I was looking at getting a key fob for the M3 (especially while im waiting for the car to be linked to my tesla account) but you cant get them in the UK and it would also suggest the car doesnt have the hardware for passive entry like the S and X do because it clearly states on key fob that it doesnt do passive entry. NFC chips that are in the cards are a passive device so they need an NFC reader quite close in order to work. I would still recommend having PIN to drive enabled though.
I'm not sure that those are accurate statements at all. In fact, it is demonstrably not true. As I understand it, un more private circles the Model 3 was proven vulnerable in 2018 to SARA (Signal Amplification Relay Attack). In the past week this has been reaffirmed by Twitter user Kevin2600. "Although Tesla thinks they are protected from the Relay attack with PIN2Drive. But we are still able to open the door. So risk still there. Anyway, we just purely enjoy the research. I hope you guys like this one " Kevin2600 on Twitter "So this is a free to share call proved by Tesla. We have managed to find a design flaw in order to relay the Tesla NFC key tag. But Tesla dont think it's a problem. Time to submit then " Kevin2600 on Twitter As far as the specialized hardware for Relay of bluetooth, I'm pretty sure you could use something like GATTacker. securing/gattacker BTLEJack virtualabs/btlejack Although more clunky BTLEJuice could probably pull it off as well. DigitalSecurity/btlejuice Latency is going to be the main killer of attempts at proof of concept on BLE. There is a private slack group for folks playing around with things of this nature if anyone is interested send me a PM, and I can get you an invite. Kevin2600 is one of the members of the group now. We are collectively trying to get folks in the scene that are working in parallel, to work together, and shortcut each others man hours for research. Pwn2own is a potential driver for some of the folks, others are just having fun with research. Tesla returns to Pwn2Own hacking competition with Model 3 as target and prize
Key fobs are on the UK store now and I think the new version does have passive entry.. “No hands required. Locking and unlocking your Model 3 has never been easier. Keep your key fob in your pocket and simply pull on the door handle for easy entry. Same with the trunk. Your key fob is automatically enabled when you pair with your vehicle.”
haha, me too, that and a load of office workers at the window "That guy really does love his car, a little too much!!!!"
I think PIN to drive is more useful to prevent someone jumping in and driving off whilst for example you are loading your shopping in the boot than accidentally leaving the car unlocked whilst unattended.
There was a case last week here in Australia where the thief just got in the Model 3 and drove away because the owners phone was only 3 metres away (through a wall) which was still close enough to be able to start the car. Guy got about 5km away when he put it in park, but couldn't get it back into drive again without the phone or keycard. Car was recovered with no damage or anything missing (although the guy who stole it posted a photo and video on instagram of him driving it, moron). So Pin to drive would have prevented this.
I've already had a neighbour comment on how much I must like the car because they often see me, in their words, dry humping it With my phone in my right pocket the doors often don't open on the first attempt. Relay attacks are a double edged sword - as much as I'd hate the car to be stolen, I'd rather someone do it that way than forcing their way into my house and threatening my family with their weapon of choice.
