Tesla Thieves

[Gremlin]

Thieves Caught on Video Stealing Tesla With Key Fob Relay Hack - ExtremeTech. Think I'm going to request a new key fob for Lord Raiden.

 

[luckyj]

I think you meant to post here Video of a Model S being stolen in the UK

 

[Gremlin]

I think you meant to post here Video of a Model S being stolen in the UK

The link of the video was in the article so I was lazy lol

 

[DOCAL]

Thieves Caught on Video Stealing Tesla With Key Fob Relay Hack - ExtremeTech. Think I'm going to request a new key fob for Lord Raiden.

The new key fob won't help against a relay attack. Disabling passive entry, and/or enabling PIN to drive are the best options.

 

[xyeahtony]

The new key fob won't help against a relay attack. Disabling passive entry, and/or enabling PIN to drive are the best options.

or parking in the garage. from the video, it looked like the guy had one. Mine is loud enough i'd hear someone opening it, and even if i didn't, it would take a lot of noise to force open a closed/locked garage door.

 

[Tim-in-CA]

The new key fob won't help against a relay attack. Disabling passive entry, and/or enabling PIN to drive are the best options.

Interesting that this article/video is splashed across the interweb, and although they mention the extra security features Tesla has (disable passive entry / PIN to Drive) there’s no mention that the majority of other vehicles have no such features.

 

[Shock-On-T]

It's much safer in America, or even here in the USA (United States of Australia) because there's no Eastern Europe to freight your cars parts to. Pretty hard to re-sell a stolen Tesla in either of our countries.
If I were still living in the UK I'd enable PIN-to-Drive and also keep my keys in a metal box when at home.

 

[patelhiren]

So if you disable passive entry, is pin to drive still necessary?

 

[Tim-in-CA]

I'm sure its just another layer of security you could have. In the US, I don't think that relay attacks are too common. The PIN would add another layer if for some reason they managed to get in the vehicle. I haven't tried, but would be good if the PIN also blocked access to disable remote access settings as well.

 

[anonim1979]

Keyfobs (for ANY car) need a motion sensor inside.

You put the fob away and after 1 minute it turns itself off = no signal. Nothing to amplify, nothing to relay, nothing to clone. You can sleep soundly at night.

No more relay attacks:

 

[.jg.]

So if you disable passive entry, is pin to drive still necessary?

Yes, if you have fobs with low encryption (40 bit key) e.g. fobs from before June 2018. This relates to a different exploit, not a relay attack.

 

[Droschke]

Keyfobs (for ANY car) need a motion sensor inside.

Nothing to amplify, nothing to relay, nothing to clone.

What about the keyfobs in motion?

 

[Cyberax]

Actually, keyfobs don't need motion sensor. They need distance-limiting protocols, so that they'll be useless unless they are close enough to the car.

 

[Shock-On-T]

Actually, keyfobs don't need motion sensor. They need distance-limiting protocols, so that they'll be useless unless they are close enough to the car.

Problem is that the key is still pretty close to the car if you're parked in front of a normal (small) UK house. Might only be 15-20 feet away.
Metal key box is the way to go. I'd also use PIN-to-Drive.

 

[verygreen]

Interesting that this article/video is splashed across the interweb, and although they mention the extra security features Tesla has (disable passive entry / PIN to Drive) there’s no mention that the majority of other vehicles have no such features.

tesla pin to drive is useless against this attack. There's a deeper vulnerability at play here that would make pin to dive ineffective.

 

[dgpcolorado]

tesla pin to drive is useless against this attack. There's a deeper vulnerability at play here that would make pin to dive ineffective.

How do you figure that? Yes, relay attack thieves can get in the car but with PIN to drive they can't start the car to drive it away.

 

[verygreen]

How do you figure that? Yes, relay attack thieves can get in the car but with PIN to drive they can't start the car to drive it away.

there's one extra easy step to disable pin to drive, root the car and drive away. Takes 10 seconds from the moment the door is open. don't even need to relay the keyfob even, just break the window disable the siren in 5-10 seconds and drive away.

 

[KArnold]

there's one extra easy step to disable pin to drive, root the car and drive away. Takes 10 seconds from the moment the door is open. don't even need to relay the keyfob even, just break the window disable the siren in 5-10 seconds and drive away.

Seriously? I'd love to see this demo'd. I haven't actively searched the "how to root" steps but the ones I've stumbled across seem to take a bit of time. Minutes maybe if you are good. But 5-10 seconds? I would be impressed and even pay for that knowledge.

 

[verygreen]

Seriously? I'd love to see this demo'd. I haven't actively searched the "how to root" steps but the ones I've stumbled across seem to take a bit of time. Minutes maybe if you are good. But 5-10 seconds? I would be impressed and even pay for that knowledge.

I cannot spill too many details. There's a demo video, but it's also private. Tesla was notified and I hope is working on it.

 

[Mark Z]

Perhaps it would be smart to clean the screen occasionally. No sense leaving greasy fingerprints where the PIN number is entered. That could help speed the process of guessing a PIN by knowing the numbers pressed. If one finger print is over the number "1", it's time to clean your screen and change the PIN. Use 4 different numbers for maximum security.

Check the combinations of the numbers you are using here: Combinations and Permutations Calculator

If the numbers pressed are discovered, here are the number of tries needed:

4 different numbers = 256 permutations
3 different numbers = 81 permutations
2 different numbers = 16 permutations
1 number = 1 permutation