Serious security issue with phone as a key

Kreten · Mar 13, 2018

Three days ago I rented Model 3 via Turo on my trip from SF to Reno. Since I have my Tesla account on an app on my Phone, the guy who rented it to me logged with his account on my iPad. So I was able to enable iPad as a key to Model 3. It works like a charm and everything is OK with an exception of one thing: when I leave iPad in the car and lock it via key card it looks like locked but it will unlock to anyone (and he/she can even drive away with it).

How to reproduce:

Put your bluetooth device you are using as a key (typically phone) in a car.
Lock your car with key card.
Go away and leave there key card (so you will be sure that car did not react with it in any way).
Go back to the car and try to open driver's door (ignore the fact that car looks locked and try to open it anyway).
The car will unlock itself for you and you will be able to hop in and drive away.

I get that you usually do not do this. I encountered it only because I didn't want to take my iPad with me, so I locked with the key card. And I was very surprised when I came back and "just for fun" tried to open the car. After that, I tried it several times, always with success.

What it seems happening is this. When you try to open the door while the car is still locked, it will actively look out if a bluetooth key is in range. And since it is in the car, it is in range, and the car unlocks itself.

But imagine a situation when you and your wife will have both phones acting as a key. Then you will forget one of them in the car and leave together with just one phone. The car can lock up but will unlock to anyone because phone acting as a key is inside the car. I cannot verify if this can happen as I cannot add another device as a key to the car but I do not see why it will not happen...

BTW, I am not writing this to blame Tesla. I really like and admire how they are rethinking cars and declutter them. And to be honest, I am for years saying that I want my apple watch act as a key to my car (and in case of running out of juice with my watch I would like to be able to manually unlock my car with phone app over bluetooth).

slipnslider · Mar 13, 2018

There are dozens or even hundreds of possible scenarios where the phone key will be more problematic than a fob. I can't believe a fob isn't even an option and the phone key is mandated, while being clearly unreliable. And the key card is just a frustrating bandaid. #bringbackthefob

timk225 · Mar 13, 2018

This whole phone key / key card thing is a dumb idea. A plain old key fob is simpler and more reliable. Tesla is trying to improve something that doesn't need improved.

int32_t · Mar 13, 2018

Kreten said:
Three days ago I rented Model 3 via Turo on my trip from SF to Reno. Since I have my Tesla account on an app on my Phone, the guy who rented it to me logged with his account on my iPad. So I was able to enable iPad as a key to Model 3. It works like a charm and everything is OK with an exception of one thing: when I leave iPad in the car and lock it via key card it looks like locked but it will unlock to anyone (and he/she can even drive away with it).

How to reproduce:

Put your bluetooth device you are using as a key (typically phone) in a car.

Lock your car with key card.

Go away and leave there key card (so you will be sure that car did not react with it in any way).

Go back to the car and try to open driver's door (ignore the fact that car looks locked and try to open it anyway).

The car will unlock itself for you and you will be able to hop in and drive away.

I get that you usually do not do this. I encountered it only because I didn't want to take my iPad with me, so I locked with the key card. And I was very surprised when I came back and "just for fun" tried to open the car. After that, I tried it several times, always with success.

What it seems happening is this. When you try to open the door while the car is still locked, it will actively look out if a bluetooth key is in range. And since it is in the car, it is in range, and the car unlocks itself.

But imagine a situation when you and your wife will have both phones acting as a key. Then you will forget one of them in the car and leave together with just one phone. The car can lock up but will unlock to anyone because phone acting as a key is inside the car. I cannot verify if this can happen as I cannot add another device as a key to the car but I do not see why it will not happen...

BTW, I am not writing this to blame Tesla. I really like and admire how they are rethinking cars and declutter them. And to be honest, I am for years saying that I want my apple watch act as a key to my car (and in case of running out of juice with my watch I would like to be able to manually unlock my car with phone app over bluetooth).

I've been wondering about this type of scenario myself. So apparently it's possible, which is a bit scary. It's all well and good to say "Don't forget your phone!" But we're all human and will forget sometimes.

I wonder if there's any way to tell, via Bluetooth, that the user woke up the phone (as opposed to a notification waking the phone), so you could just press a button in your pocket as you walk up to the car. That way, even if the phone was left in the car, its presence alone wouldn't allow somebody to drive off. Though I can't imagine there's a simple solution to this problem, really … :S

SMAlset · Mar 13, 2018

You really shouldn't leave your ipad in the car.

What if you shut down your ipad, or disabled blue tooth on it? Isn't the ipad in your situation working just like a key card and if you leave your card in the car it would do the same? Don't have my Model 3 yet so can't try out.

Daniel in SD · Mar 13, 2018

Isn't there the same problem if you leave a fob in the car?
I really like the idea of a phone as a key. I'm hoping to eliminate my keychain entirely.

WileyTheMan · Mar 13, 2018

I get that this can be an issue, but:

1) If you knowingly want to leave your phone/pad in your car and keep it secure, turn on airplane mode.
2) If you accidentally leave it in the car, its the equivalent of leaving your keys in the car, so not really a phone key issue.

callmesam · Mar 13, 2018

TURN
OFF
BLUETOOTH

You left the key in the car. What did you expect would happen?

int32_t · Mar 13, 2018

WileyTheMan said:
2) If you accidentally leave it in the car, its the equivalent of leaving your keys in the car, so not really a phone key issue.

Not totally sure about this one. In the olden days, you'd have a key which would go into the steering column. If left in there when the driver's door was opened, the car would chime. There's no way for the Model 3 to have a "you forgot your keys" chime, because it would just do that every time you opened the door since it has no way of knowing if your phone is in your pocket or somewhere in the vehicle and about to be left behind.

kingjamez · Mar 13, 2018

int32_t said:
Not totally sure about this one. In the olden days, you'd have a key which would go into the steering column. If left in there when the driver's door was opened, the car would chime. There's no way for the Model 3 to have a "you forgot your keys" chime, because it would just do that every time you opened the door since it has no way of knowing if your phone is in your pocket or somewhere in the vehicle and about to be left behind.

Teslas don't use keys and he is exactly right that the above (wildly overblown) scenario is equivalent to leaving your fob in an S or an X.

This is not a big deal.

Sandiegodoug · Mar 13, 2018

Daniel in SD said:
Isn't there the same problem if you leave a fob in the car?
I really like the idea of a phone as a key. I'm hoping to eliminate my keychain entirely.

Been using phone as key for a month. Works great. Keep the black card in my wallet for emergencies. Nice not to have a ring of keys in your pocket.

kengchang · Mar 13, 2018

timk225 said:
This whole phone key / key card thing is a dumb idea. A plain old key fob is simpler and more reliable. Tesla is trying to improve something that doesn't need improved.

Until you damaged/lost the key fob and stealership charges you $250 to do a new one

mkspeedr · Mar 13, 2018

I am sure if there were forums in 1910 people would have complained about "why do you need keys" - "what happens if you forget your key..."

On the Ducati forum they complain about forgetting the key fob - The problem is starting the motorcycle with the key fob in the garage. Ride away - stop to get gas and you cannot restart the motorcycle. Then you are forced to search for your pin to enter to start the bike. They want to bring back the key and kill the fob.

Kreten · Mar 13, 2018

WileyTheMan said:
I get that this can be an issue, but:

1) If you knowingly want to leave your phone/pad in your car and keep it secure, turn on airplane mode.
2) If you accidentally leave it in the car, its the equivalent of leaving your keys in the car, so not really a phone key issue.

2) Now, it is not. Because someone will have to break into the car as it will be locked. The problem here is that Model 3 will unlock itself once someone tries to open it...

kingjamez said:
Teslas don't use keys and he is exactly right that the above (wildly overblown) scenario is equivalent to leaving your fob in an S or an X.

This is not a big deal.

No, it is not equivalent. I tried this with my S previously, and it cannot be done this way...

callmesam said:
TURN
OFF
BLUETOOTH

You left the key in the car. What did you expect would happen?

Did you read what I wrote? Car checks for the device when I try to open it manually. And that is the problem. Yes, once I found that I was turning off bluetooth. But I can imagine several scenarios when Model 3 owners would be confused and accidentally let this happen.

kbecks13 · Mar 13, 2018

Kreten said:
Did you read what I wrote? Car checks for the device when I try to open it manually.

Seems like you have a valid point. Would a fix be something as easy as saying "If car was locked via keycard, it must then be unlocked with a keycard or via the App (pushing unlock, NOT location/phone key based)"?

TheLocNar · Mar 13, 2018

I just never forget my phone. Once I leave the house it’s always with me. *shrugs*

davedavedave · Mar 13, 2018

Kreten said:
Then you will forget one of them in the car and leave.

Erm, why would we ever do that!? ;-)

timk225 · Mar 13, 2018

kengchang said:
Until you damaged/lost the key fob and stealership charges you $250 to do a new one

How many key fobs have you lost in your life? I'm at zero. But sometimes I am too lazy to take my phone into a store with me, so that can be an issue with the 3.

Sandiegodoug · Mar 13, 2018

You don’t need a phone
Just use that black credit card sized device
They give you 2 . I tried, they work great.

nvx1977 · Mar 13, 2018

I just verified that in my S, if I leave a fob in the car, I can lock the car (or let it lock itself after a delay). Then to unlock it, I just press on the handle and they will present. The behavior is the same.

Question is: are you more prone to leave a fob in the car or a phone? I think phone is more likely, particularly if you take it out of your pocket and either use the charge pad or have a mount.

In my ICE car, if I leave my fob in the car, the car won't lock, and it will beep at me to warn me that there's a fob. I tend to agree that Tesla could do more here to improve security in the event a phone is left in the car.

Wonder if there's a Tasker solution here (for Android only) as a workaround.

Serious security issue with phone as a key

Member

Member

Active Member

Tesla Spotter

Well-Known Member

(supervised)

Peanut Gallery Member

Member

Tesla Spotter

Member

Active Member

Active Member

Member

Member

Active Member

Member

Member

Active Member

Active Member

Unknown Member

Similar threads