Video of a Model S being stolen in the UK

[.jg.]

Video of a Model S being stolen in the UK, a few days ago. Passive Entry was enabled and Pin to Drive was not enabled.

 

[berkeley_ecar]

Another precaution is to purchase the new 80-bit keylength keyfobs...

 

[edlin303]

I really like the idea of hiding a tile in the car. I always struggled to think of use cases for them that would help me, and that one seems pretty clever.

 

[kirkbauer]

I really like the idea of hiding a tile in the car. I always struggled to think of use cases for them that would help me, and that one seems pretty clever.

What do you mean a tile?

 

[Muellerj]

Find Your Keys, Wallet & Phone with Tile’s App and Bluetooth Tracker Device | Tile

 

[brkaus]

Tile is only useful if it comes by a phone with tile tracking enabled. Way overhyped if you ask me.

 

[Jhelin]

Another precaution is to purchase the new 80-bit keylength keyfobs...

Wouldn't have helped in this case as the thieves used a relay which makes the owners keyfob talk to the car as if the keyfob was beside the driver door.

 

[iCharge]

Saw this posted on YouTube

Moral: Use PIN to Drive and always put your Fob in Signal Blocking sleeve
This was in UK.
More details are Watch thieves stealing a Tesla through keyfob hack and struggling miserably to unplug it

 

[berkeley_ecar]

Wouldn't have helped in this case as the thieves used a relay which makes the owners keyfob talk to the car as if the keyfob was beside the driver door.

Ah, yes, a relay attack -- so the solution is to store the key at a substantial distance from the car, or (better yet), keep the fob in a RF-blocking container such as a small metal box?. The longer-key-length fob is still a good idea for the decryption attack that has been successful in Europe, no? A bluetooth tile is going to be useless for tracking.

 

[bmah]

Moderator note: Merging two threads discussing the same incident.

Bruce.

 

[Jhelin]

Ah, yes, a relay attack -- so the solution is to store the key at a substantial distance from the car, or (better yet), keep the fob in a RF-blocking container such as a small metal box?. The longer-key-length fob is still a good idea for the decryption attack that has been successful in Europe, no? A bluetooth tile is going to be useless for tracking.

Yep, RF-blocking container or PIN to drive or turning passive entry off would have thwarted these thieves.

 

[KArnold]

Wouldn't have helped in this case as the thieves used a relay which makes the owners keyfob talk to the car as if the keyfob was beside the driver door.

As I understand the hack, they still have to decrypt the old 40-bit key to relay which is not hard to do with a "rainbow table" of sorts. If so, the 80-bit encryption seems like it would help immensely. Do I not understand this hack correctly?

 

[brkaus]

As I understand the hack, they still have to decrypt the old 40-bit key to relay which is not hard to do with a "rainbow table" of sorts. If so, the 80-bit encryption seems like it would help immensely. Do I not understand this hack correctly?

This particular “hack” doesn’t do any decoding. It is amplifying/relaying the existing codes.

The 40 v 80 bit hack that used the rainbow table was effectively making a clone of the key that could be used anywhere.

 

[Jhelin]

This particular “hack” doesn’t do any decoding. It is amplifying/relaying the existing codes.

Yep, this isn't really a hack at all. It's like forwarding mail, you don't have to open the envelope to send it somewhere else.

 

[KArnold]

This particular “hack” doesn’t do any decoding. It is amplifying/relaying the existing codes.

The 40 v 80 bit hack that used the rainbow table was effectively making a clone of the key that could be used anywhere.

They may still be trying to determine the details. But in looking at one site - Hackers Can Steal a Tesla Model S in Seconds by Cloning Its Key Fob - it seems to imply the 80-bit decryption is required and more problematic. No?

...They can then run that pair of codes through their hard drive's table to find the underlying secret key—which lets them spoof a radio signal that unlocks the car, then starts the engine....That whole attack chain, the researchers say, is possible thanks to the Pektron key fob system's relatively weak encryption....Based on the research presented by this group, we worked with our supplier to make our key fobs more secure by introducing more robust cryptography for Model S in June 2018.

 

[iCharge]

@mods Thanks for merging.

I think the message is pretty clear, use that PIN, how ever old school it may sound, it works.
And strongly consider turning off Passive Entry.

its really a dance of security vs convenience, same as what we witnessed in the smartphone industry.

 

[iCharge]

I'd rather say, security is a user issue, Tesla **has** provided the means, the user chose not to take advantage of it.

 

[brkaus]

They may still be trying to determine the details. But in looking at one site - Hackers Can Steal a Tesla Model S in Seconds by Cloning Its Key Fob - it seems to imply the 80-bit decryption is required and more problematic. No?

100% agree with you. The 80 bit key fob is better and harder to clone. But the clone process is not what they used in this particular theft, or at least it does not look like it to me.

 

[iCharge]

This particular “hack” doesn’t do any decoding. It is amplifying/relaying the existing codes.

The 40 v 80 bit hack that used the rainbow table was effectively making a clone of the key that could be used anywhere.

to me 40 vs 80 is moot point, why add extra cost to an item when user is not using existing features .
see above

 

[iCharge]

100% agree with you. The 80 bit key fob is better and harder to clone. But the clone process is not what they used in this particular theft, or at least it does not look like it to me.

you are correct, this is relay attack, like someone said above, akin to forwarding your mail. dont need to open to forward