Serious security issue with phone as a key

[nvx1977]

This behavior must have changed at some point. My wife left her fob in the Model S once very soon after getting it in 2016. When the handles retracted, they would not present again after pressing them inward. It also just so happened that at that same time, our Xfinity Internet was down (car connected to our WiFi), so she couldn't connect to the car with the phone app - she wasn't in a rush to go anywhere and just left it until the Internet came back up since she didn't want to deal with hunting for the wifi router and unplugging it.

I first learned about fob in car keeps the car unlocked when I had to have my S towed to the service center. The driver contracts with Tesla and is very familiar with the cars. He told me to leave my fob in the car for the service center. When my handles auto retracted to lock position, I asked him how the service center was going to unlock my car. He pressed on the handles and they presented and told me the car doesn't stay locked if there's a fob inside. This was a month ago.

I can't really explain the difference in behavior. Would they really have separate firmware behaviors for something like this?

-edit-
I re-read your post. I see what you're saying. Back in 2016, it was possible to lock a fob in the car.

 

[Kipp]

Toyota did it right: The car unlocks when you touch the handle, provided the fob is nearby.

Just saw this about an update 2018.10.1 which brings the following features:

• AEB speed increased to 90mph.
• Heated rear seats
• Improved auto-unlock (if you have your phone with you, car unlocks only when you pull the door handles)
• Rearranged icons for settings

Seems as though Tesla recognizes there are issues and is doing what other manufacturers do. My Leaf also operates similarly to how the Toyota does. If you have the fob, press the button on the handle and the vehicle unlocks. The Leaf will also not lock if the fob is inside.

My wife tries to leave her purse in the Leaf but it has the fob in it so she has to go and take it out before we walk away from the car together. That annoys her. She most always takes her phone with her so, for us, maybe this works well.

 

[daniel]

... update 2018.10.1

• Improved auto-unlock (if you have your phone with you, car unlocks only when you pull the door handles)

Fantastic news!!! Thanks for posting this. This is how it should be!

 

[dwharrison]

Seems as though Tesla recognizes there are issues and is doing what other manufacturers do. My Leaf also operates similarly to how the Toyota does. If you have the fob, press the button on the handle and the vehicle unlocks. The Leaf will also not lock if the fob is inside.

So is this just removing the "Unlock on walk up" setting and permanently disabling it? I

 

[diamond.g]

So is this just removing the "Unlock on walk up" setting and permanently disabling it? I

That is what folks on reddit are saying.

 

[Devanish]

Did they include the usual fob transmitter/receiver in the 3 at all? Or is it only a RFID and BT module in each car. BTLE fobs can't be that cheap already are they?

BTLE was going to be included with the car regardless. Also not having a fob removes one more potential bottleneck in the supply chain.

 

[diamond.g]

BTLE was going to be included with the car regardless. Also not having a fob removes one more potential bottleneck in the supply chain.

I mean the next thing for someone to try, say @wk057 or @Ingineer, would be to see if they can get the Model X fob, (maybe the S fob) to pair with the 3. The concern I have is that the pairing happens at the car/server level instead of just at the car level.

 

[Kipp]

So is this just removing the "Unlock on walk up" setting and permanently disabling it?

It sounds like it. How does this change differ from the "Unlock on walk up" setting? Since I don't have the car yet (1-2 weeks), here are my guesses:

1. Mirrors don't unfold before you touch the car (less cool)
   
2. Unlocking only happens when you touch the car so that passengers have to wait an extra few seconds
3. ...?

The #2 item above, causes my wife a bit of angst when she gets to the car (Leaf) first but since she also has the Leaf key fob, she can unlock the door just as easily as I can so it is not a big deal. This should be the same for the Model 3. I'm just curious if the car will know who is driving if she unlocks the car first (but on the passenger side).

 

[Dan Detweiler]

Another thread boasting pages of concerned replies dies a quick death via an OTA update! Ah, the beauty of a Tesla.

Good things come to those who wait!

Dan

 

[daniel]

I presume it will still lock when you walk away, since there's no physical Lock button as the Prius has. Actually, once they implement the "Unlock on Touch" they could make it user-selectable.

One of the things I love about Tesla is that they listen to the users and make improvements.

 

[nvx1977]

I'm confused. How does the new OTA address the original concern of a phone in the car allowing anyone to open the door? Can the car detect that the phone is inside rather than on the person trying to open the door?

 

[Kipp]

I'm confused. How does the new OTA address the original concern of a phone in the car allowing anyone to open the door? Can the car detect that the phone is inside rather than on the person trying to open the door?

I doubt it does fix the original problem. It fixes the problem of cars activating (mirrors folding in and out) as the owner passes by in the garage or nearby room.

 

[jomo25]

Count me among those who are happy to not have to carry a fob, and for whom the phone is working really well. As for the ‘security issue’, i have to admit, i did leave the phone in the car once. I got about 20 paces from the car and and realized I was missing the phone and went back and got it.

 

[Zeronet]

This whole concept of a phone key is out-of-control technology for for the sake of technology - And I don't find a fob any better. Because I am retired, I can safely refuse to be a smartphone slave and am free to enjoy the world using my senses alone. I love my Tesla, but I wish I had a real key; the metal kind that fits in your pocket, can get wet, and never looses its charge. They were invented 6000 years ago and have been very successful since. There was no reason to replace them.

 

[kengchang]

This whole concept of a phone key is out-of-control technology for for the sake of technology - And I don't find a fob any better. Because I am retired, I can safely refuse to be a smartphone slave and am free to enjoy the world using my senses alone. I love my Tesla, but I wish I had a real key; the metal kind that fits in your pocket, can get wet, and never looses its charge. They were invented 6000 years ago and have been very successful since. There was no reason to replace them.

The key card is waterproof, is it not?

 

[diamond.g]

The key card is waterproof, is it not?

As any credit card is...

 

[tuoncan]

I don't think this is a serious security issue. It's a user error.

So what if you lock the car with the key card and somehow lose the key card or the key card got damaged? Now wouldn't you want to be able to unlock the car with your phone or tablet? If the OP wants it his way, then when he loses his key card, he will come up here complaining that the car won't let him in even with his phone nearby. You can't have it both way.

Also if your wife or kid is still inside the car with the tablet and her seat sensor fails, how would the car knows that someone is inside the car or not? How would you want the car to react then?

It hard to write software to cover all possible scenarios. It's also much more complicate to write software to react differently based on previous action. The car has to store away information on how it was locked previously and traverse through different path of the code based on that. It's much simplier to have 1 set of code that lets you open the door based on a set of predetermined inputs.

I would imagine their code is as simple as this if car is not manually locked:
if (bluetooth signal is detected OR key card detected OR Unlock command is received remotely ...)
// door unlock = true
...

If they start to handle all possible scenarios, using just 1 scenario where a person is sitting inside the car and has not manually locked the car, you can see how complicate it can get:

if (bluetooth signal is detected OR ...) {
... if (all seat sensors working) { -- has to go check all seat sensors, can delay unlock time
...... if (weight is detected) {
....... // door unlock = true? -- what if you have some heavy stuff on the seat? Do they need to monitor movement on the seat now? how frequently, battery usage?
....... }
... }
... else { -- at least 1 seat sensor fail
...... // NO good solution since it doesn't know if there is a person inside the car or not.
...... // they can start using the inside camera, but then what if that fails/covered with duck tape too?
... }

 

[Zeronet]

Yes, the keycard can get wet, but can it handle fine dust, grit, and mud? I work outside a lot, and the fine, red, iron-rich, dust here gets into everything I wear. It has destroyed several of my credit cards with magnetic strips. I am not sure if RFID cards are safe from this. I am thankful for the key card, just wish I had a real key.

 

[PhaseWhite]

When you enabled the key feature on your iPad it became a key. You left your key in the car. That’s asking for trouble.

 

[diamond.g]

Yes, the keycard can get wet, but can it handle fine dust, grit, and mud? I work outside a lot, and the fine, red, iron-rich, dust here gets into everything I wear. It has destroyed several of my credit cards with magnetic strips. I am not sure if RFID cards are safe from this. I am thankful for the key card, just wish I had a real key.

As far as I can tell the only thing you would have to worry about with the Key Card is the lamination coming off. That shouldn't affect the NFC/Antenna though. As far as I can tell, mud, dust, grime, etc has no effect on it's function.