Time to disable bluetooth as a key?

[Glamisduner]

I have been reading allot of articles lately that say the model 3 (even the new one with UWB) are susceptable to radio relay attacks, and BLE relay attacks.
I have an older model 3 (2018). I don't think there is any fix for non-highland models?

However most articles are just repeated news (not primary source) and don't go into enough detail for me to understand the actual problem. Is the bluetooth hack actually a thing or are they talking about keyfob attacks or something else?

Is there a way to disable the bluetooth as a key option? (just delete all the bluetooth keys?).

Should I instead use the key card to unlock / lock and drive the car from now on, or is that just as susceptable if someone is using one of these relay attack devices?

Thanks!

 

[NJM3]

Not answering your question but the inconvenience of using the key card is not worth it. Use your insurance in the extremely unlikely case that someone steals your car. Not worth worrying about.

Your car is not especially valuable and other cars are easier to steal.

 

[E90alex]

I’m not concerned. If they really want it they will take it somehow no matter what. They can simply tow the car away even if you disable phone key. I have insurance for a reason. I’m not going to inconvenience myself for the rare chance someone is going to steal my car via relay attack.

 

[Mr X]

Disable bluetooth and also wear a tinfoil hat every time you go to unlock your Tesla.


And stop reading Yahoo news

 

[ucmndd]

Use pin to drive if you’re paranoid.

 

[father_of_6]

Just use PIN to drive and call it a day.

Has there been a recent uptick in relay attacks on Teslas? That'd be news to me.

As it turns out, you can sledgehammer your way right into just about anyone's home. Not gonna build a castle for fear of sledgehammer attacks.

 

[Glamisduner]

I’m not concerned. If they really want it they will take it somehow no matter what. They can simply tow the car away even if you disable phone key. I have insurance for a reason. I’m not going to inconvenience myself for the rare chance someone is going to steal my car via relay attack.

Insurance these days is too costly to use. I'm about to pay out of pocket for someone who swiped my car with their mirror int he parking lot and left. Because if I use my insurance to fix it, my rates will go up.

Not answering your question but the inconvenience of using the key card is not worth it. Use your insurance in the extremely unlikely case that someone steals your car. Not worth worrying about.

Your car is not especially valuable and other cars are easier to steal.

Valuable enough to me, I believe I paid 78k before incentives and just recently paid it off. Although sure these things dumped their values so now it's probably worth under 28k...

 

[NJM3]

Insurance these days is too costly to use. I'm about to pay out of pocket for someone who swiped my car with their mirror int he parking lot and left. Because if I use my insurance to fix it, my rates will go up.



Valuable enough to me, I believe I paid 78k before incentives and just recently paid it off. Although sure these things dumped their values so now it's probably worth under 28k...

Do you have insurance?

 

[Glamisduner]

Do you have insurance?

Yes, but it just goes under collision and I am told that although it's not my fault my rates will go up. Rates are getting crazy here in California. My home owners has trippled over the last 3 years, car insurance is up too. I definatly don't want higher rates, or to get dropped for using my insurance and have to switch to something more expensive.

 

[jjrandorin]

Is there a way to disable the bluetooth as a key option? (just delete all the bluetooth keys?).

Yes, you can delete the phone key from the car and the phone and stop using it if you want to.

Insurance these days is too costly to use. I'm about to pay out of pocket for someone who swiped my car with their mirror int he parking lot and left. Because if I use my insurance to fix it, my rates will go up.

There is a huge difference in someone stealing your car, and paying for a mirror. Insurance is not too costly to use for someone stealing your car.

Insurance is too costly to use it to pay for a 400-500 dollar issue, that would be billed under collision, and possibly raise your rates for 3 years with about 1k additional spend (so net cost of like 500).

Someone stealing your car doesnt fall under "insurance too expensive to use".

Anyway, this falls under "you could put 3-4 locks on your front door and it would be safer, but a lot less convenient. Same deal here. Turn on pin to drive, then even if someone gets in they cant drive off. Or, Remove all phone keys and use a keycard (and make sure you are not using any keyfobs either).

 

[Shelburne]

According to my insurance agent, as well as a friend's agent, the rule of thumb here in Massachusetts is that it will cost you more in the long run to have insurance cover the repairs if those repairs amount to less than $5000. Of course, that's assuming that you are found to be at fault for the damage. If the other guy is at fault, go ahead and let insurance cover it.

 

[T4M3]

I would not worry about bluetooth keys, even if they would drive away, the car is always trackable through the app. They would need to hack into the car's computer so that it does not transmit its location.

 

[terranx]

I would not worry about bluetooth keys, even if they would drive away, the car is always trackable through the app. They would need to hack into the car's computer so that it does not transmit its location.

Or just unplug the gps and cellular antennas.

 

[nurusz]

You can use the phone as NFC key like the Tesla card

 

[fholbert]

My home owners has trippled over the last 3 years, car insurance is up too. I definatly don't want higher rates, or to get dropped for using my insurance and have to switch to something more expensive.

Tripled? I find that hard to believe.

You must have had a claim(s). My California insurance (autos, home, plane) have pretty held the same. Auto down $400, house up $150, plane up $200.

Not sure why auto went down other than the cars are a year older?

 

[ucmndd]

Tripled? I find that hard to believe.

Absolutely possible (and common) in areas of high wildfire risk, including Escondido.

 

[gsmith123]

You can use the phone as NFC key like the Tesla card

You can use an Android phone as an NFC key. Not iPhone. Bit of an important detail.

 

[_TLA_]

Some important facts to consider if you're concerned with your Tesla getting stolen

1) Of all makes/models, Tesla M3/Y are the least stolen cars
2) For a BT relay attack, attacker must be within 15ft of victim's BT device, *AND* 15ft of the car
3) Tesla recently implemented UWB which maybe a step towards better protection against a relay attack
4) This vulnerability can be easily mitigated by implementing Pin to Drive which is currently opt-in. If the relay attack become a real problem then Tesla could issue an OTA that would make Pin to Drive opt-out or even mandatory.

Most of the articles I've read about Tesla's being vulnerable to BT relay attacks really do not emphasize these important points, all the headlines focus on Tesla's being vulnerable.

What's important to me is that Tesla takes security seriously, they have good security practices, they actively seek new vulnerabilities (example, pwn2own) and when they are discovered they address them quickly through OTA updates.

 

[jjrandorin]

Absolutely possible (and common) in areas of high wildfire risk, including Escondido.

Yeah my home owners insurance went from like 1800 to 3000 and it was because the insurance companies re drew the fire maps. I was just "outside" the high fire risk map, now I am just "inside" it, and my house obviously didnt move, lol.

Not much I can do about it, as I am not moving insurance companies at this point due to how insurance is working in CA right now.

 

[drtimhill]

I have been reading allot of articles lately that say the model 3 (even the new one with UWB) are susceptable to radio relay attacks, and BLE relay attacks.
I have an older model 3 (2018). I don't think there is any fix for non-highland models?

However most articles are just repeated news (not primary source) and don't go into enough detail for me to understand the actual problem. Is the bluetooth hack actually a thing or are they talking about keyfob attacks or something else?

Is there a way to disable the bluetooth as a key option? (just delete all the bluetooth keys?).

Should I instead use the key card to unlock / lock and drive the car from now on, or is that just as susceptable if someone is using one of these relay attack devices?

Thanks!

If you are worried, use PIN to drive.

The actual hack is a relay attack, which means someone has to get close to YOU with the relayafter they placed a device close to your car .. the relay then acts as an forwarder between your car and phone, making the car think your phone is close by and unlock. There is no easy fix to this, since it does not involve cracking encryption etc. You will have to judge the risk yourself, but its quite low unless you park your car on the street AND someone knows where you live AND they can get close enough to your phone for the relay to be effective.