Speak EV - Electric Car Forums banner

1 - 20 of 25 Posts

·
Registered
Joined
·
355 Posts
Discussion Starter #1
Got an email from Tesla today that looks (to me) like an admission there is a security risk :

We would like to share some tips for ensuring the safety of your Tesla. When enabled, our Passive Entry setting will automatically unlock the doors of your Model S when you approach it with your key. Relay attacks, a type of vehicle break-in that can be targeted at vehicles from many manufacturers including Tesla, allows an attacker to transmit a signal from your key in one location to your car in another location, thereby creating the potential for unauthorised access and entry.
You can decrease the likelihood of unauthorised entry by disabling Passive Entry when parked in public spaces or storing your key in a holder which blocks electromagnetic transmissions, such as a RFID-blocking sleeve or Faraday cage.
To disable Passive Entry, touch Controls > Settings > Doors & Locks > Passive Entry > OFF. Please note that you must press the brake pedal to power Model S on before you can change this setting.
Advising that we should deactivate passive entry in "public spaces" is weird, its implying we have some weird obligation to judge whether there is a car thief around .... come on.

I don't really understand why Tesla can't stay ahead of the hackers by using proper encryption / 2 factor authentication for new devices or something else more clever than I can think of ... disappointing.

Chunkers!

J
 

·
Registered
Joined
·
2,611 Posts
I don't really understand why Tesla can't stay ahead of the hackers by using proper encryption / 2 factor authentication for new devices or something else more clever than I can think of ... disappointing.
In this case 2 factor would mean you doing something like pressing a button on your key fob to open your car, so switching off passive mode is doing exactly what you want.
The key fob comms are already encrypted, the thieves are just boosting the signal so you don't have to be close to the car for them to passively open it.

EDIT: I disabled the easy open system on my Nissan as I saw it as a security risk. In this day and age we have to balance security with convenience. Sometimes we have to lose a bit of convenience to have a little more security.
Oh, and they could just smash a window if they wanted something
 

·
Registered
Joined
·
12,869 Posts
If you don’t want to turn off passive entry, just get a sheilded box to put your keys in when you’re not using them.

I wonder if the Model 3 system is susceptible to the same relay attack?
 

·
Registered
Joined
·
12,869 Posts
Isn't the 3 an RFID type card? I would think it isn't susceptible as you have to pretty much touch the pillar to get t to work don't you?
That’s the reversionary mode. The primary mode is via the iPhone app.

There are rumours that this feature is coming to the X.
 

·
Premium Member
Joined
·
10,576 Posts
The primary mode is via the iPhone app.
There is one for Android too ;) and Model 3 uses Bluetooth LE which is harder to hack because the key exchange is bidirectional.

The problem with "traditional" keyless is that it only requires a one-way relay, from car to key. They key is powerful enough to reach the car from a considerable distance, but not (for example) from a restaurant to the multi story car park. This is why the attack is mostly targeted at homes as the keys are often in the hall.
 

·
Registered
Joined
·
2,418 Posts
I think they could have worded it better tbh. It is an industry-wide problem, and Tesla provide a (unique?) method for the owner to protect their car by allowing them to decide whether Passive Entry should be off (default) or on.
 

·
Moderator
Joined
·
9,719 Posts
Tesla provide a (unique?) method for the owner to protect their car by allowing them to decide whether Passive Entry should be off (default) or on.
You mean the noddy thing that Renault do already (which is the easiest way to defeat these attacks) don't even have to mess about with menus...

If car locked by button press, it can only be unlocked by a button press.
 

·
Registered
Joined
·
2,418 Posts
You mean the noddy thing that Renault do already (which is the easiest way to defeat these attacks) don't even have to mess about with menus...

If car locked by button press, it can only be unlocked by a button press.
Just saying that Tesla allow you to switch Passive Entry on if you want it - pretty sure there's a warning message when you do that.

What do Renault do?
 

·
Banned
Joined
·
4,591 Posts
I don't really understand why Tesla can't stay ahead of the hackers by using proper encryption / 2 factor authentication for new devices or something else more clever than I can think of ... disappointing.
Would you rather these guys took your car without waking you up, or stick a knife in your face on your way to work??

Baby left in back of carjacked Audi is dropped at Birmingham health centre by thieves

These professional gangs aren't nicking cars for fun, they are determined and ruthless - with their income directly related to how good they are at their job, a bit like car dealers but without the fake smile. In some parts of the UK having a nice car on your driveway is pretty much like having a target painted on your door.

One of my colleagues had their house broken into because of their new Q5, they didnt find the keys. 2 weeks later they broke in again but did find the keys.

Personally if someone wants to nick a car that badly just let them, its only a car and thats why we have insurance. There will be a few people who will claim they'll be up for a fight to keep the car, but a knife to the chest is hardly worth the hassle of an insurance claim.

Nearly every house in my parents street (Zone 3 North London) have been broken into in the last 6 months (my parents included - twice, each time they were soley looking for jewlery/keys, didn't even take the laptop/iPads). Its not a coincidence the most expensive car on the street is only worth about £5k despite house prices nearing 7 digits, and my parents now keep their car 100 miles away parked on our drive in Leicester!!

What ever the locking mechanism I woudlnt want a £70k 'steal me' sign on my door if I lived in London. A Zoe though am sure will be fine:).
 

·
Registered
Joined
·
2,418 Posts
I already said?!?!

If car locked by button press, it can only be unlocked by a button press.
Yeah, I read that, but wasn't sure how it is different to a Tesla with passive entry disabled*. Or any other non-PE car.

* Excepting app control, of course, but the tealeafs need your login details, which are (probably) as difficult to get as stealing the car key.
 

·
Registered
Joined
·
355 Posts
Discussion Starter #17
I only just deactivated Passive entry myself, here are a couple of things I discovered (that I am guessing everyone else already knew)
  • I had to put my foot on the brake pedal at a standstill to "ungrey" the option to switch off passive entry, initially I couldn;t understand why I could see, but not change the option
  • Single click the top of the remote to lock, double click to unlock (the double click still catches me out)
  • Car will still auto-lock if you forget to manually lock as long as you still have it enabled in security settings
  • If you get out of the car and get back in, even if the doors have been open the whole time then you seem to need to double click again to allow you to start the car, this feels pretty dumb when you sitting in the driving seat fumbling for your remote.
  • It's really annoying going back to this if you have got used to passive entry, and YES its better than getting your car nicked but its still a great feature which we have now lost - I feel like smart engineering could eliminate this risk but Tesla are probably more busy trying to make something much less important work, like AP2 ...
I mean, in marketing terms the car still has keyless entry right? It's just not wise to use it unless you want your car nicked......

Grumpy signing off ......... o7

J
 

·
Registered
Joined
·
13,364 Posts
I only just deactivated Passive entry myself, here are a couple of things I discovered (that I am guessing everyone else already knew)
  • I had to put my foot on the brake pedal at a standstill to "ungrey" the option to switch off passive entry, initially I couldn;t understand why I could see, but not change the option
  • Single click the top of the remote to lock, double click to unlock (the double click still catches me out)
  • Car will still auto-lock if you forget to manually lock as long as you still have it enabled in security settings
  • If you get out of the car and get back in, even if the doors have been open the whole time then you seem to need to double click again to allow you to start the car, this feels pretty dumb when you sitting in the driving seat fumbling for your remote.
  • It's really annoying going back to this if you have got used to passive entry, and YES its better than getting your car nicked but its still a great feature which we have now lost - I feel like smart engineering could eliminate this risk but Tesla are probably more busy trying to make something much less important work, like AP2 ...
I mean, in marketing terms the car still has keyless entry right? It's just not wise to use it unless you want your car nicked......

Grumpy signing off ......... o7

J
Ah!!
Double click to open!!:oops:
 

·
Registered
Joined
·
2,763 Posts
I turned it off for a while and then after dealing with the locking unlocking and press fob to start car malarkey a few times turned it back on. If you jump in the car and drive off it is fine but if not it catches you out and you end up staring at it thinking what?

As per @Jolltax post having lived with the passive entry for about 10 months at that point it was a retrograde step for me. Probably a bit like Model X owners in a Model S loaner waiting for the door to open for them.;)

Not in a high crime area, and while it would be a bit of a ball ache it is only a car, keys are kept far enough away and protected that a passive entry repeater theft unlikely imho.

For me a simple add-on fix would be a 4 digit code on the screen to allow you to drive off when using passive entry. As you jump in it pops up drop the code in and then it is enabled. With of course the option to enable disable as you choose.

Minor inconvenience but certainly would put an end to the issue, and well within Tesla capabilities.
 
1 - 20 of 25 Posts
Top