Security of Phone/Card/Key?

[EV1980]

Currently I make use of a faraday pouch in the hope it prevents my car from being nicked off my driveway. How do Tesla owners secure their key cards and phones against the signal stealing tech that car thieves favour?

Does anyone use faraday pouches or metal tins to block the signals or is there a cleverer method of ensuring security that i'm yet to learn?

 

[Gumball]

The signal from the keycards is virtually non-exist, they work with a nfc chip, and really have to be a centimeter or less from the reader to work.

 

[kelvin 660]

For 3 & Y's; I believe that the Tesla fob has a "time-out" feature, so unless stolen is dumb to relay attacks. The cards use NFC technology, so unless stolen is not subjected to relay attacks, due to it needs to be within a few cm of the car. Using the phone as a key is fairly secure (unless the phone is stolen) and you can turn off Bluetooth when a sleep, etc. (automatically using apps) if you are really concerned. Setting PIN to drive, is going to stop someone driving off in the car, however it won't stop it being lifted onto a low loader...

Note: It has been shown that it is possible to relay attack a 3 or Y but it does need special equipment that is not readily available, yet...

 

[EV1980]

Thanks for your replies! Sounds like I can sleep contentedly without needing to put my wallet and phone in a big ol' faraday sack!

 

[DeejUK]

I use a faraday pouch by the front door for our '17 MX, and have PIN-to-drive enabled. Also installed CCTV overlooking the drive when we ordered the car.

 

[GRiLLA]

I definitely think you should carry your phone in a faraday case and then enjoy the silence

Enable Pin to Drive is the most important thing, a second layer of security doubles the challenge.

 

[Lord Farquad]

Pin to Drive is the main thing to enable, which should make the car much more secure.

 

[Zilla91]

Pin to drive is all good and well but if Tesla want to go one better they should enable 2FA. Now that would be the ultimate piece of security

 

[DeejUK]

Pin to drive is all good and well but if Tesla want to go one better they should enable 2FA

Technically, that already is two-factor authentication: something you know (PIN), and something you own (key).

 

[EV1980]

I definitely think you should carry your phone in a faraday case and then enjoy the silence

Now there's a good idea!

 

[Zilla91]

Sure but you can steal one and guess the second - no different to someone pinching your bank card. A 20th century solution.

2FA using an authenticator app will be infinitely more secure as the code will be unique and only last 30 seconds.

 

[WllXM]

Sure but you can steal one and guess the second - no different to someone pinching your bank card. A 20th century solution.

2FA using an authenticator app will be infinitely more secure as the code will be unique and only last 30 seconds.

Having to authenticate through an app on your phone or with a text every time you want to shift the car in Drive would just be massively impractical.
Nothing is 100% steal-proof, it's a matter of deterrence and time.
The only alternative solution I would consider on the market right now is the fingerprint reader on the Genesis

 

[srichards]

2FA with a NFC device like an apple watch, fitbit with it, etc?

An app is a poor solution as they're unreliable. It needs to be a physical device that doesn't rely on internet or anything else. Anything involving picking up a mobile phone will being in the car could also cause legal issues.

 

[Skie]

My voice is my password

 

[DeejUK]

2FA using an authenticator app will be infinitely more secure as the code will be unique and only last 30 seconds.

I don't believe that to be true. If you have the app, you have the seed that generates those codes. The timed part of TOTP is to prevent man-in-the-middle attacks where an intercepted value could be used multiple times - in that attack vector, the malefactor doesn't have the thing-you-own. If you're suggesting people authenticate with PIN, key, and phone, then that'd be three-factor authentication. Anything above 2FA has diminishing returns, as the solution is more inconvenient for legitimate usage, and if someone's stolen one thing you own, they'll probably steal two things you own.

There's the matter of getting access to the app would presumably require authentication with your phone, at which point we're laying auth over auth. I figure most people have biometric authentication for their phones, which is reasonably convenient if we're going to introduce a third thing you own (the phone and the TOTP seed) and a fourth (your face/finger).

 

[Jason71]

The signal from the keycards is virtually non-exist, they work with a nfc chip, and really have to be a centimeter or less from the reader to work.

I don't want to split hairs but. Its not virtually non existent its litterally non existent, until the card is placed on the reader.
not saying you could not do a relay attack with a card ( someone did a demo to show it was possible, Tesla vehicles can be stolen with new relay attack, but there's a two-inch caveat) but you would have to be standing next to the person with the card with a reader pressed to their leg where their wallet with the card in was. Its not something to lose sleep over.
No way to do it standing outside someone's house.

 

[JHWL]

I have an issue with my phone key being able to unlock my door whilst I'm inside my house and the car is parked on the driveway. Maybe my phone broadcasts Bluetooth too strongly, the walls are too thin, or the Tesla is too sensitive but while my app says the car is locked if my phone is in the adjacent room, anyone outside could in practice open the doors and boot.

So I use the PIN to Drive and Tasker to turn off my phone's Bluetooth overnight for some added peace of mind. Key card in a NFC blocking wallet which everyone should have anyway to block contactless payments in crowded environments.

 

[yessuz]

just to throw spanner into works:

If someone really (REALLY) wants to steal your car, nothing will stop them

 

[Burley]

I have an issue with my phone key being able to unlock my door whilst I'm inside my house and the car is parked on the driveway. Maybe my phone broadcasts Bluetooth too strongly, the walls are too thin, or the Tesla is too sensitive but while my app says the car is locked if my phone is in the adjacent room, anyone outside could in practice open the doors and boot.

So I use the PIN to Drive and Tasker to turn off my phone's Bluetooth overnight for some added peace of mind. Key card in a NFC blocking wallet which everyone should have anyway to block contactless payments in crowded environments.

are you able to open the car when your phone is in the house though? My phone key is often connected to the car when the phone is indoors, but the car won’t open as it can tell how far the phone is from the car - I think it uses signal response time or some such to estimate the distance. Even when outdoors, if my phone is more than 3m away from the car it won’t open the doors even though the Bluetooth key is connected.

 

[GRiLLA]

are you able to open the car when your phone is in the house though? My phone key is often connected to the car when the phone is indoors, but the car won’t open as it can tell how far the phone is from the car - I think it uses signal response time or some such to estimate the distance. Even when outdoors, if my phone is more than 3m away from the car it won’t open the doors even though the Bluetooth key is connected.

Some Android phones seem to keep the car unlockable from much longer distances than others, iPhones seem to be more consistent and only allow the car to unlock very close. If you have this problem I would just buy the keyfob and remove the phone key from your phone, it works consistently and reliably.