
Switch off "Passive Entry" NOW!!

Discussion in 'Model S' started by PW.S75D, Jul 30, 2018.

  1. PW.S75D

    PW.S75D Member

    Joined:
    May 6, 2018
    Messages:
    8
    Location:
    Bury St. Edmunds
    I have twice now had my car opened by what is probably a "relay attack".
    Both times I returned to the car (2017 Model S) to find the courtesy lights on and the door handles presented.
    As it was night time in both cases in an unlit car park area, I could see it from probably 60 metres away.
    Tesla seems to think it is OK as other manufacturers' cars suffer from the same attacks.
    I don't know if other owners received this email from Tesla, so if you did not, here is a copy:

    We would like to share some tips for ensuring the safety of your Tesla. When enabled, our Passive Entry setting will automatically unlock the doors of your Model S when you approach it with your key. Relay attacks, a type of vehicle break-in that can be targeted at vehicles from many manufacturers including Tesla, allow an attacker to transmit a signal from your key in one location to your car in another location, thereby creating the potential for unauthorised access and entry.
    You can decrease the likelihood of unauthorised entry by disabling Passive Entry when parked in public spaces or storing your key in a holder which blocks electromagnetic transmissions, such as a RFID-blocking sleeve or Faraday cage.
    To disable Passive Entry, touch Controls > Settings > Doors & Locks > Passive Entry > OFF. Please note that you must press the brake pedal to power Model S on before you can change this setting.
     
    • Informative x 2
    • Like x 1
    • Funny x 1
  2. boaterva

    boaterva Supporting Member

    Joined:
    Apr 2, 2016
    Messages:
    5,380
    Location:
    Northern Virginia, USA
    As far as we’ve seen (anyone?) this email has appeared only in Europe and other places where this attack has occurred. I don’t think it’s been seen in the continental US.

    As for disabling Passive Entry, definitely anyone can do so and see if the peace of mind is worth the extra inconvenience.

    Another option is as mentioned to keep keys in a faraday bag at home so drive bys can’t capture the signal. (Depends how busy your home road is, of course!).

    Sorry to hear the practice has reached your area!
     
    • Like x 1
  3. widodh

    widodh Model S 85kWh

    Joined:
    Jan 23, 2011
    Messages:
    6,001
    Location:
    Middelburg, The Netherlands
    In Europe this is very, very, very common indeed. Every Tesla owner I meet, I advise them to turn it off.

    It's a matter of time before this reaches the US and Model S/X are stolen using this attack. So please, indeed, turn it OFF!
     
    • Like x 1
  4. E-Ryc

    E-Ryc Member

    Joined:
    Jun 6, 2018
    Messages:
    132
    Location:
    Prague, CZ (EU)
    @PW.S75D Why would anyone open the car twice and do/steal nothing? Not to mention that once the fob is no longer "nearby" the car locks again. I'd guess that either someone uses a 433MHz range extender nearby for some other purpose (and your car unlocking is just a side effect) or there are some exceptional conditions and the fob works from a longer distance than usual.
     
    • Like x 2
    • Informative x 1
  5. JeroenNL

    JeroenNL Member

    Joined:
    Jun 27, 2016
    Messages:
    5
    Location:
    Nederland
    I have had something similar twice already. In both cases, it turned out I hadn't fully closed one of the doors and the car simply hadn't locked itself. I'm not trying to downplay the risk of the relay attack, but I find it highly unlikely that someone opened the doors and then did nothing...
     
    • Informative x 3
    • Like x 3
  6. J1mbo

    J1mbo Active Member

    Joined:
    Aug 20, 2013
    Messages:
    1,259
    Location:
    UK
    60 meters does seem quite a distance for a relay attack; most I've seen online are maybe 5-10 meters between the two pieces of equipment.

    I wonder if someone's running a good old fashioned jammer in that car park. This just prevents the car from being locked when you click the button. Many people don't check that their car has locked once they click the remote, and that means the miscreants can rummage through unlocked cars for loot without setting off any alarms.

    Just make sure you have walk-away locking enabled and PE disabled.
     
  7. boaterva

    boaterva Supporting Member

    Joined:
    Apr 2, 2016
    Messages:
    5,380
    Location:
    Northern Virginia, USA
    Also not downplaying, I also did this once. Closed my driver’s door all the way but not quite. And from there the power close won’t work. And you can’t do it remotely. Eek! I saw the door open on Remote S later and rushed back and it was open about an inch.

    Allen has a wish list entry from me for some sort of notification setting in the app for this.

    But for OP’s being one or the other, your own risk tolerance will have to decide whether you disable PE or not.
     
  8. boaterva

    boaterva Supporting Member

    Joined:
    Apr 2, 2016
    Messages:
    5,380
    Location:
    Northern Virginia, USA
    Btw this is why we want the walkaway lock sound added to the S and X as well as the 3! :D
     
    • Like x 4
  9. Joe F

    Joe F FUD Buster

    Joined:
    Sep 19, 2016
    Messages:
    1,158
    Location:
    Outside Philly
    Out of an abundance of caution, I have had PE disabled since this issue first surfaced. Annoying, especially once in the S and sometimes have to use the fob to unlock before starting and have to unbuckle and dig it out of my pocket. Perhaps worth the peace of mind though if this ever becomes a thing in the USA.

    One funny episode: Had to drop the car off for its yearly State Inspection (read money grab) and watch as the mechanic tried to unlock the car by repeatedly waving the fob at the B pillar. Had a good chuckle out of that, and had to go out and show him how to unlock it.
     
    • Funny x 1
  10. .jg.

    .jg. Member

    Joined:
    Feb 27, 2018
    Messages:
    262
    Location:
    Weston Super Mare, England
    I was under the impression that update 2018.18 changed the default setting of Passive Entry to OFF (but it can be re-enabled in settings).

    I too would like a sound to confirm that the car is locked when you walk away (ideally, the sound should be programmable).
     
    • Like x 1
  11. PW.S75D

    PW.S75D Member

    Joined:
    May 6, 2018
    Messages:
    8
    Location:
    Bury St. Edmunds
    I always check that the car locks with walk away locking selected, because I do not trust it.
    It can sometimes be annoying because I have to stop walking; if not, I will be losing sight of the car before it locks.
    So both times it was definitely locked.
     
  12. MasterT

    MasterT Member

    Joined:
    Dec 19, 2016
    Messages:
    785
    Location:
    North Miami Beach, FL
    I choose to keep PE on for its convenience but to prevent relay attack, I keep my fob in a faraday pouch at home
     
    • Like x 2
  13. Need

    Need Active Member

    Joined:
    Nov 22, 2017
    Messages:
    1,459
    Location:
    Rancho Cucamonga, CA
    But if someone used this method to unlock your car and got in to steal stuff, the car would not have stayed unlocked when you got back. Once they left, the car locked back up itself.

    Here in the US, thieves use a more primitive method... smash and grab. No need to fiddle with technology.
     
    • Like x 1
    • Funny x 1
  14. Ande

    Ande Member

    Joined:
    Jul 28, 2017
    Messages:
    407
    Location:
    Norway
    Unless US is kind of technologically impaired, it's going on in US too, ... on the other hand ... you are still using the imperial system, so maybe even thieves are technologically impaired there :)

    SOLUTION : @elonmusk (surely won't be reading this)
    Tesla, being the clever-headed company it is, should be the first to implement a time-of-flight check like this:
    The method below verifies the time-of-flight for actual proximity, and won't be susceptible to relay or replay attacks:

    0-CAR: broadcasts for FOB response (FOB only transmits when near car)
    1-FOB: responds
    2-CAR: sends the FOB a cryptographic challenge (and stores the nanosecond count when the transmit buffer was emptied)
    3-FOB: right after receiving the last bit of that message, transmits a 32-bit timestamp.
    4-CAR: measures the time from its transmission to the first byte of this "timestamp" (subtracting the FOB's internal delay too)
    5-CAR: if CAR-FOB communication timestamps happened up to 3 nanoseconds apart, the owner is ~9m away. If that is within limit, proceed:
    6-FOB: encrypts a response to the challenge+"timestamp", sends it.
    7-CAR: verifies the "timestamp" time for sanity; if step "5" indicated closer proximity than the preset x meters, accepts the fob command/proximity action.

    It's most likely that this would require a FOB & FOB receiver upgrade.. unless they can do that magic by firmware upgrade of the microcontrollers in-car and only new FOB is needed... but hey, Tesla would be the first company to solve it !
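
The car-side check from the steps in the post above, as an added example that is not part of the original post or any Tesla code. The fob turnaround delay, the unlock radius, HMAC-SHA256 as the response function and all names are assumptions; the exchange is simulated with constructed timings rather than radio hardware.

```python
import hashlib
import hmac
import os

C_M_PER_NS = 0.299792458   # light covers about 0.3 m per nanosecond
FOB_DELAY_NS = 200.0       # assumed: fixed, known fob turnaround time
MAX_DISTANCE_M = 2.0       # assumed: preset unlock radius ("x meters")

def fob_respond(key: bytes, challenge: bytes, timestamp: bytes) -> bytes:
    """Step 6: the fob authenticates challenge + its own timestamp."""
    return hmac.new(key, challenge + timestamp, hashlib.sha256).digest()

def estimate_distance_m(rtt_ns: float) -> float:
    """Steps 4-5: one-way distance from round-trip time minus fob delay."""
    return max(0.0, (rtt_ns - FOB_DELAY_NS) * C_M_PER_NS / 2)

def car_verify(key: bytes, challenge: bytes, timestamp: bytes,
               response: bytes, rtt_ns: float) -> str:
    """Step 7: accept only if the response is authentic AND the fob is near."""
    expected = hmac.new(key, challenge + timestamp, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, response):
        return "reject: bad response"
    if estimate_distance_m(rtt_ns) > MAX_DISTANCE_M:
        return "reject: too far"
    return "accept"

def simulate(fob_distance_m: float, relay_delay_ns: float = 0.0,
             fob_key: bytes = None) -> str:
    """Constructed exchange. A relay forwards the bytes unchanged, so the
    cryptography still verifies; it can only add path length and latency."""
    car_key = os.urandom(32)
    challenge = os.urandom(16)                 # step 2
    timestamp = (123456).to_bytes(4, "big")    # step 3, constructed value
    rtt_ns = (2 * fob_distance_m / C_M_PER_NS) + FOB_DELAY_NS + relay_delay_ns
    response = fob_respond(fob_key or car_key, challenge, timestamp)
    return car_verify(car_key, challenge, timestamp, response, rtt_ns)

if __name__ == "__main__":
    print("owner at 1 m:            ", simulate(1.0))
    print("fob relayed from 60 m:   ", simulate(60.0))
    print("1 m path + 100 ns relay: ", simulate(1.0, relay_delay_ns=100.0))
    print("wrong key at 1 m:        ", simulate(1.0, fob_key=os.urandom(32)))
```

The relayed cases carry a valid response and are rejected on timing alone, so the check depends on the car resolving nanoseconds and on the fob's turnaround delay being fixed and known.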
     
  15. E-Ryc

    E-Ryc Member

    Joined:
    Jun 6, 2018
    Messages:
    132
    Location:
    Prague, CZ (EU)
    They probably use standard OEM components so there is (most probably) no easy solution w/o hardware change. And as the future is in phone and Bluetooth (which may be even more vulnerable to this type of attack), I wouldn't put too much hope in it.
     
  16. SpudLime

    SpudLime Member

    Joined:
    Jun 10, 2018
    Messages:
    934
    Location:
    Chantilly, Va (Loudoun)
    AHEM, those are called MURRICA units!
     
    • Funny x 3
  17. f205v

    f205v Member

    Joined:
    May 12, 2018
    Messages:
    128
    Location:
    Switzerland
    Very interesting read!
    I disabled my PE today, getting scared by the first post, but then I asked myself: is there a keyfob pouch with Faraday's cage that you can suggest?
    Thanks in advance for your suggestions.
     
  18. MasterT

    MasterT Member

    Joined:
    Dec 19, 2016
    Messages:
    785
    Location:
    North Miami Beach, FL
    I am using this one https://www.amazon.com/gp/product/B072LT73RP?tag=tmc064-20
     
    • Helpful x 1
  19. J1mbo

    J1mbo Active Member

    Joined:
    Aug 20, 2013
    Messages:
    1,259
    Location:
    UK
    IMO there should be an option to keep PE on, but force the owner to present the key to the built-in RFID reader in the cabin (below the 12V socket) before the car will start. The fobs were not designed for heavy use of the buttons.
     
  20. ShockOnT

    ShockOnT ⚡️⚡️⚡️⚡️⚡️

    Joined:
    Jun 26, 2016
    Messages:
    2,316
    Location:
    Sydney
    The problem with the faraday cage is that fishing the fob out of a pouch is the same inconvenience level as just clicking the fob.
    I’d just switch off passive entry and get used to clicking.
    This will change if/when Tesla implements phone-as-key for Model S and X. I would guess this system requires an encrypted handshake which is something a relay can’t do (or at least would require two relays).
    And lastly, the reason this hack is only in Europe is that the US doesn’t have a landbridge to Albania/Bulgaria/Ukraine etc etc.
     
