Video of a Model S being stolen in the UK

[.jg.]

As I understand the hack, they still have to decrypt the old 40-bit key to relay which is not hard to do with a "rainbow table" of sorts. If so, the 80-bit encryption seems like it would help immensely. Do I not understand this hack correctly?

That is a different hack (not yet seen "in the wild") in which a fob with a 40 bit key is cloned. Turning off Passive Entry may not be enough to prevent the initial stage, where codes are collected from the car, because the car still transmits towards the fob for "Walk-away Door Lock" and probably, to detect if the fob is still in the car. One person can collect codes from the car and then from the fob. Once complete, the hacking device can act as a fob.

The exploit used in this video is an old one, that has been used against many types of cars which have passive entry. One person stands near the car, holding a device which will relay the car's transmissions to another person with the second device. The second device has a larger antenna and the aim is to relay the car's transmissions to the fob, over some distance. The fob responses (of whatever key length) are relayed to the device near the car and the car is fooled into thinking that the fob is nearby and unlocks. The fob is not cloned and only works if passive entry is enabled. This method is only used once to open and start the car - once the criminals have drive the car away, they would no longer be able to unlock or start the car.

 

[f205v]

With P2D is "disable passive entry" really needed?

 

[brkaus]

With P2D is "disable passive entry" really needed?

Can still gain access to inside of car. Users choice.

 

[Fred Thompson]

Does Tesla allow the remote access to be pin or password protected? If not that should be considered for a future release. With remote access pin or password protected, the thieves would not of been able to turn off remote access and Tesla could of tracked the vehicle.

 

[swegman]

If you disable passive entry and use PIN to drive, you may as well revert to the old fashioned key to get in a car and drive. The whole point of the Tesla fob was to be able to carry it in your pocket and never have to pull it out of the pocket to use. Tesla’s solution of disabling passive entry and using a PIN negates the convenience feature they advertised when the car came out. It is more cumbersome to put the fob in a fayaday cage and remove it when you want to get in the car and then use a PIN to drive than reverting back to the old style key with a chip therein, like GM used at one time. The solution is to implement a system that does not impact on convenience while being secure.

 

[brkaus]

Does Tesla allow the remote access to be pin or password protected? If not that should be considered for a future release. With remote access pin or password protected, the thieves would not of been able to turn off remote access and Tesla could of tracked the vehicle.

It’s straightforward to jam the gps signal and the lte data signal.

 

[edlin303]

Tile is only useful if it comes by a phone with tile tracking enabled. Way overhyped if you ask me.

I didn’t even know that it worked with other phones running their sw, so to me it’s better than nothing. And a good way to use the tile I got at a convention, since attaching it to my keys has always seemed pointless. If I never have to test out its efficacy I’ll be plenty happy.

 

[berkeley_ecar]

I'm baffled as to why you think a bluetooth tile will help at all. The transmission range of bluetooth is so short that you'd have to be next to the car to receive a signal, in which case you've already found the vehicle.

 

[f205v]

The point is that with Tile ANY bluetooth phone with their app will find your car, not just only you.

 

[iCharge]

The point is that with Tile ANY bluetooth phone with their app will find your car, not just only you.

The Tile is useless when it comes to vehicles.
If you can afford a 75K+ car, get a GPS Tracker and either install it in a hidden place yourself, or get it done professionally.
https://www.amazon.com/Optimus-Trac...srs=14341042011&ie=UTF8&qid=1540315104&sr=8-2

If you wish to save $$ or hate paying subscription fees, Hack an iPhone, hard wire it with power bank, put it on a cheap prepaid plan, hide it well, and use find my iPhone ;-)

 

[berkeley_ecar]

The point is that with Tile ANY bluetooth phone with their app will find your car, not just only you.

Huh?!? All bluetooth devices that I am aware of require a pairing event between the device and the computer it is supposed to communicate with. Unless Tile has somehow bypassed this requirement (very doubtful), and every instance of the the app communicates with all Tile devices, and the app somehow then communicates with a central server every time it gets within range of a Tile, and the server then communicates with you, this is useless. This would require a unique ID for each Tile that was registered to you on the central server (with contact information to reach you), and coordination with the location services on the device running the app, to provide a geographic fix. I don't believe Tile was set up in this fashion.

 

[cpa]

Please explain this concept. "A" stands next to my car in a parking lot with some sort of device that (amplifies) some radio wave,correct? Or does it not amplify it but change its frequency?

Meanwhile, I am 250 yards away in a movie theater. So, "A" will be able to steal my car?

Or, I am 75 yards away in a restaurant.

Or, I am in my motel room 10 yards away.

Then y'all start talking about bluetooth--does bluetooth have any relevance to the theft of the car? I thought the fobs were not bluetooth. This just confuses the issue for those of us who have no idea how this S was stolen.

 

[.jg.]

Please explain this concept. "A" stands next to my car in a parking lot with some sort of device that (amplifies) some radio wave,correct? Or does it not amplify it but change its frequency?

Meanwhile, I am 250 yards away in a movie theater. So, "A" will be able to steal my car?

Or, I am 75 yards away in a restaurant.

Or, I am in my motel room 10 yards away.

Then y'all start talking about bluetooth--does bluetooth have any relevance to the theft of the car? I thought the fobs were not bluetooth. This just confuses the issue for those of us who have no idea how this S was stolen.

The relay method uses two people - one stands next to your car, the other stands near to your fob - but, depending on the antenna on this second device, "near to your fob" could be 10 - 20 yards away. The second person could follow you, with the device in a bag, until the person at the car reports that the car is open. The two devices simply relay the transmissions between the car and the fob, acting as range extenders.

Bluetooth is not involved. The car transmits towards the fob using RFID at 134.2 kHz and the fob sends to the car at 433.92 MHz in Europe or at 315 MHz in North America.

 

[cpa]

The relay method uses two people - one stands next to your car, the other stands near to your fob - but, depending on the antenna on this second device, "near to your fob" could be 10 - 20 yards away. The second person could follow you, with the device in a bag, until the person at the car reports that the car is open. The two devices simply relay the transmissions between the car and the fob, acting as range extenders.

Bluetooth is not involved. The car transmits towards the fob using RFID at 134.2 kHz and the fob sends to the car at 433.92 MHz in Europe or at 315 MHz in North America.

Thank you for your response.

To summarize: This technique needs two people. One to stand by the vehicle, and one to follow the unwitting owner surreptitiously carrying some sort of device that boosts the range of the fob/car communication.

Bluetooth has nothing to do with this. Perhaps all this debate about bluetooth should be moved elsewhere.

 

[.jg.]

Bluetooth was mentioned because it is used by the Tile device that was discussed, as an alternative means to locate the car, if the thieves have disabled the cellular network and therefore, tracking by Tesla - but yeah, it is unrelated to the relay exploit used by the thieves.

 

[f205v]

Huh?!? All bluetooth devices that I am aware of require a pairing event between the device and the computer it is supposed to communicate with. Unless Tile has somehow bypassed this requirement (very doubtful), and every instance of the the app communicates with all Tile devices, and the app somehow then communicates with a central server every time it gets within range of a Tile, and the server then communicates with you, this is useless. This would require a unique ID for each Tile that was registered to you on the central server (with contact information to reach you), and coordination with the location services on the device running the app, to provide a geographic fix. I don't believe Tile was set up in this fashion.

You are right and I was wrong.
The Tile devices has to be coupled with a specific phone and be in a 300yards range to work.
Useless for a stolen car.

 

[anonim1979]

Keyfobs (for ANY car) need a motion sensor inside.

You put the fob away and after 1 minute it turns itself off = no signal. Nothing to amplify, nothing to relay, nothing to clone. You can sleep soundly at night.

No more relay attacks:

 

[JohnnyG]

Included now with all new Teslas. Problem solved... <mic drop>

 

[JohnnyG]

Huh?!? All bluetooth devices that I am aware of require a pairing event between the device and the computer it is supposed to communicate with. Unless Tile has somehow bypassed this requirement (very doubtful), and every instance of the the app communicates with all Tile devices, and the app somehow then communicates with a central server every time it gets within range of a Tile, and the server then communicates with you, this is useless. This would require a unique ID for each Tile that was registered to you on the central server (with contact information to reach you), and coordination with the location services on the device running the app, to provide a geographic fix. I don't believe Tile was set up in this fashion.

That is precisely how Tile works...

They are using BLE 4.0, which doesn't require pairing to be able to identify itself to your phone. Each Bluetooth device has always required a unique ID (MAC address). The Tile Pro has a radius of up to 300 feet. Any phone that has the Tile App (and presumably BT & GPS enabled) within range of a Tile will identify it (they do not need to communicate with each other), note it's GPS location, and transmit that to the Tile mothership. The mothership will cross reference that Tile's unique ID with its registered owner, and transmit the location data to the owner.

I'm not advocating this as a best solution for tracking a vehicle, but that is precisely how Tile works.