I think that this kind of tech is just fundamentally insecure. I can't think of a way to secure it, at least not against gaining entry to the vehicle. And making it secure against driving away (by requiring it to continue to respond to changing cryptographic pings as you drive) opens the door to people being able to use jammers to disable your vehicle remotely. Maybe if they have a special Faraday cage place that you put your fob into, but at that point why not just use a key? Or just require a button press like the key fobs have had for decades.
Oh and depending on the latency allowances for responding to pings, it might just be possible to leave a device in the vicinity of the key and relay it over the internet, so even that just increases the difficulty of defeating it a bit.
Same thing also applies to wireless keycards for secure entry, though I think the range for those is generally lower, so it would be more difficult to pull off.
The only thing I can think of is having incredibly tight timing on a challenge/response. With ~10 nanosecond level precision, it's not physically possible for EM waves to travel more than a few meters before the time is up.
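The timing check described in the comment above, together with the latency-allowance caveat raised earlier in the thread, as an added Python example that is not part of any comment or of any vehicle's firmware. The 1000 ns fob turnaround, the 2 m limit, the 50 ns relay delay and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

C_M_PER_NS = 0.299792458  # speed of light in metres per nanosecond


def simulated_rtt_ns(distance_m, processing_ns, relay_ns=0.0):
    """Constructed timing model: two-way flight + fob turnaround + relay delay."""
    return 2 * distance_m / C_M_PER_NS + processing_ns + relay_ns


def verify(key, challenge, response, rtt_ns, processing_ns, limit_m, slack_ns):
    """Accept only if the MAC is valid AND the reply fits the time budget.

    Assumes the fob's turnaround time (processing_ns) is fixed and known;
    slack_ns is the verifier's timing tolerance.
    """
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, response):
        return False
    budget_ns = 2 * limit_m / C_M_PER_NS + processing_ns + slack_ns
    return rtt_ns <= budget_ns


def run_scenarios(slack_ns):
    """Run a nearby fob and a relayed fob against one verifier tolerance."""
    key = os.urandom(32)          # shared secret (constructed)
    challenge = os.urandom(16)    # fresh per attempt
    # The relay forwards the genuine fob's reply, so the MAC is always valid.
    response = hmac.new(key, challenge, hashlib.sha256).digest()
    processing_ns, limit_m = 1000.0, 2.0
    cases = {
        "fob_in_pocket_1m": simulated_rtt_ns(1.0, processing_ns),
        "relayed_fob_30m": simulated_rtt_ns(30.0, processing_ns, relay_ns=50.0),
    }
    return {
        name: verify(key, challenge, response, rtt, processing_ns, limit_m, slack_ns)
        for name, rtt in cases.items()
    }


if __name__ == "__main__":
    print("10 ns tolerance:", run_scenarios(10.0))
    print("1 us tolerance: ", run_scenarios(1000.0))
```

In this model the cryptography never fails for the relayed case; only the time budget separates the two, and a microsecond of tolerance is enough to erase that separation.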
Potentially better idea, add a gyroscope to the key fob, and stop broadcasting after the fob is perfectly still for some threshold. That way when you set it down inside it can’t be relayed, but if it’s in your pocket, it won’t remain perfectly still, and will start transmitting. Could also add an IR blaster to detect if you set it down in the car. Battery life would start to become a bigger issue, but I think solutions to these problems could be engineered.
How about just having a button on a fob/phone which initiates comms, like in the good old days. You can't relay the signal if there isn't one till you press the button. But that isn't sexy and it's too similar to traditional cars, so they won't do it.
For at least a decade, a car theft trick known as a “relay attack” has been the modern equivalent of hot-wiring: a cheap and relatively easy technique to steal hundreds of models of vehicles.
But when one group of Chinese researchers actually checked whether it's still possible to perform relay attacks against the latest Tesla and a collection of other cars that support that next-gen radio protocol, they found that they're as stealable as ever.
In a video shared with WIRED, researchers at the Beijing-based automotive cybersecurity firm GoGoByte demonstrated that they could carry out a relay attack against the latest Tesla Model 3 despite its upgrade to an ultra-wideband keyless entry system, instantly unlocking it with less than a hundred dollars worth of radio equipment.
Instead, a hacker's device near the car has, in fact, relayed the signal from the owner's real key, which might be dozens or hundreds of feet away.
Or, as GoGoByte researcher Yuqiao Yang describes, the trick could even be carried out by the person behind you in line at a café where your car is parked outside.
“That's how fast it can happen, maybe just a couple seconds.” The attacks have become common enough that some car owners have taken to keeping their keys in Faraday bags that block radio signals—or in the freezer.
“That’s how fast it can happen, maybe just a couple seconds.” The attacks have become common enough that some car owners have taken to keeping their keys in Faraday bags that block radio signals—or in the freezer.
That makes me laugh.
Just to be able to push a button to start your car, you have to keep your keys in a Faraday bag or in the freezer. That's just silly.