Time to start using your PIN to drive...

[nvx1977]

I'm actually really surprised that something like this surfaces almost 5 years after Model 3's release. Around that time, there was quite a bit of publicity of people being able to steal Model S and X just by being in proximity of the keyfob. It's no secret that Model 3 was using BLE for phone-as-key. If this was a known weakness of BLE, why did it take so long for someone to demonstrate an exploit?

Also worth calling out that despite the exploit for S and X being easier to execute, we never saw any significant amount of thefts.

Not sure I'm concerned enough to use PIN to Drive, although my wife does have PIN enabled on her 2014 S.

 

[Twiglett]

I'm actually really surprised that something like this surfaces almost 5 years after Model 3's release. Around that time, there was quite a bit of publicity of people being able to steal Model S and X just by being in proximity of the keyfob. It's no secret that Model 3 was using BLE for phone-as-key. If this was a known weakness of BLE, why did it take so long for someone to demonstrate an exploit?

Also worth calling out that despite the exploit for S and X being easier to execute, we never saw any significant amount of thefts.

Not sure I'm concerned enough to use PIN to Drive, although my wife does have PIN enabled on her 2014 S.

right - the Venn diagram for car thieves and technologists who plan stuff out is a pretty small overlap.

 

[wknickless]

Just don't use "0000" lol

Or "00000000" for your nuclear missiles.

Air Force Swears: Our Nuke Launch Code Was Never '00000000'

For nearly a decade, an awkward debate has raged about the U.S. military's nuclear force: Did top Air Force officials really choose "00000000" as a…

foreignpolicy.com

 

[Undecided_2]

The rising car crime in the U.K. is stripping cars of parts not taking the actual car. Stolen parts are incredibly hard to prosecute and thieves typically end up having them returned to them. Insane.

Some people have had parts stolen several times. One owners house cam recorded two people removing the front seats and steering wheel in under 30 seconds after unlocking the car.

P2D is the least of my worries here!

 

[Twiglett]

around this part of the world the curtain twitchers are only moving the curtains to make room for the gunsight

 

[wknickless]

around this part of the world the curtain twitchers are only moving the curtains to make room for the gunsight

And if you think Twiglett is joking:

Reference: Texas Castle Law Doctrine | Self Defense

 

[nvx1977]

around this part of the world the curtain twitchers are only moving the curtains to make room for the gunsight

and New Hampshire says hi.

 

[Twiglett]

and New Hampshire says hi.

View attachment 806666

wow - a silver model 3, must be an early one

 

[BobDolesGhost]

wow - a silver model 3, must be an early one

I got 1 too , see sig(pun intended hah). I'm proud to be different

 

[BobDolesGhost]

ummmmm, I hope you keep it locked in a safe. Pretty dangerous. Smash and grab, now your gun is on the street, no bluetooth hack needed.

Not trying to start any debate, just sayin.

Its very out of site. I'm not sure what a (practical)safe in a car would do. Thieves would just take the safe and get in it later I'd think.

 

[Tinkerin]

I’m no coding genius, But it seems like this BLE threat could be thwarted by having the Tesla phone app geo-fence the car. BLE could be disabled for the Tesla app unless it is close to the car. The phone app would know the location of the car when you parked it. If the phone was unable to fix a location when you park (no GPS signal for instance) then you would need to open the app when next to the car to enable BLE manually to unlock the car.

Even so - the threat would require a lot of coordination between two people. If the BLE on the Tesla phone app was always disabled when not near the car, The offending BLE relay would not have enough to handshake.

 

[wknickless]

I’m no coding genius, But it seems like this BLE threat could be thwarted by having the Tesla phone app geo-fence the car. BLE could be disabled for the Tesla app unless it is close to the car.

Another approach is “time of flight” between the car and the phone. The idea is that if the phone is close to the car then the radio propagation time (essentially the speed of light) will be less than if the phone is a longer distance away and is being amplified by an attacker.

Reference: https://ieeexplore.ieee.org/document/8480847

 

[CyberGus]

Any reason we can't have "voice authorization" instead of a PIN? Alexa can distinguish between voices.

 

[SilverString]

Any data on how many Teslas are stolen vs other brands? Something tells me it's far less than any other brand percentage-wise, and being that they are desirable to so many people, any real threats would have already been exploited.

 

[CyberGus]

Any data on how many Teslas are stolen vs other brands? Something tells me it's far less than any other brand percentage-wise, and being that they are desirable to so many people, any real threats would have already been exploited.

1. Nissan Altima. Thefts: 1,732. ...
2. Chevrolet Pick-Up (Full size) Thefts: 1,447. ...
3. Toyota Corolla. Thefts: 1,295. ...
4. Chevrolet Malibu. Thefts: 1,175. ...
5. Ram Pick-Up (Full size) Thefts: 1,118. ...
6. Toyota Camry. Thefts: 1,041. ...
7. Hyundai Elantra. Thefts: 989. ...
8. Jeep Cherokee/Grand Cherokee. Thefts: 876.

The problem with stealing Teslas is that they have GPS and LTE. They will find you. To be useful, a stolen Tesla must be parted out, or have the networking disabled (no more mapping or updates), or sent to a country that DGAF.