
"Wired" article about key fob cloning

The Wired article does its best to be sensational, but the whole attack is the already well-known relay attack against 'passive entry' which is optionally available for the Model S:

"Aside from the PIN, Tesla also allows Model S owners to disable passive entry for its key fobs, meaning drivers would have to push a button on the fob to unlock the car. That would also stymie the KU Leuven attack".

So nothing new here - as far as I can read.

This is a different attack than the key relay attack. Relay attack is about extending the signal of the key fob (can be used once, when in proximity of key). This attack copies the cryptographic key of the fob. Can thereafter be used as a normal key!
Good news is indeed that this attack won't work when "Passive entry" has been disabled.
 
Is it 100% sure this attack will not work with passive entry disabled?
I think there are 2 different considerations here:
1) If the hacker has NOT YET attacked you (i.e. extracted the crypto key from the rainbow table), and you disable Passive Entry, then the hacker cannot perform the attack.
2) If the hacker has ALREADY attacked you (i.e. he has a copy of the crypto key) and he is simply waiting for the right moment to steal your car, and you disable Passive Entry, then the hacker can enter your car whenever he likes.
 
@brkaus
Cryp·tomer on Twitter
Let's make this clear: disabling passive keyless entry on your Tesla *will not* prevent our attack. If you want to secure your car you must enable the 'pin to drive' option.

This makes sense. Even when Passive Entry is disabled, the car will only start if it detects the fob inside the car. If the car is looking to locate (and identify) the fob, it must be transmitting signals towards the fob => a similar weakness as with Passive Entry.

I just called my insurer here in the UK - they are Directline, who have a special deal with Tesla. The lady at Directline said they would prefer that Tesla cars insured with them have the new higher encryption key fob. She did not say it would be a requirement. I would not be surprised if insurers started charging higher premiums for cars with the 40 bit fobs - at least, in Europe.
 
I bet these fobs cost $5 each in volume. Tesla should just eat that on cars as expensive as the Model S. Doing this at superchargers and on service appointments would cover most cars in a few years since Tesla is doing nearly all the servicing.
 
One article I saw listed the cost as $150 per key but I can't confirm till I have an invoice.

Hi, in Germany Tesla will charge ~350 Euros (US$~410) for each upgraded key fob, at least that was the number I was told when calling earlier this week.

I hoped deactivating passive entry would prevent the car from polling the fob at all. That was shattered when reading the Twitter messages (thanks to E-Ryc finding/linking to them!). I hoped that the disabling of the immobilizer would result in polling for the key fob presence with much less strength in order to ensure the key is in very close proximity. But I won't rely on that.

Since the issue has been known to Tesla since August 2017, I now better understand some of the information sent out in between. I wonder when Tesla is issuing a revised statement, emphasizing that the relay attack can be mitigated by deactivating passive entry and/or upgrading to the new key fob. And also addressing what one needs to do to prevent theft, again by deactivating passive entry and activating pin2go. And to minimize the risk of cloning your key fob by constantly putting it into a Faraday pouch and only getting it out to open the car and "start" it. Also I'd love to see a statement from Tesla about the new upgraded key fob rendering the key fob cloning useless.

With a clear statement from Tesla, I can better consider which feature to use and to rectify the ~700 Euros (US$~820) to upgrade the key fobs... :)
 
@oaito
My impression from their statement is that disabling passive entry prevents relay attack but doesn't prevent fob cloning. But of course I may be wrong.

Back in "communist" time, we (our parents) used to "secure" the cars by removing spark plug cable. Maybe it's time to start securing "smart" cars by pulling out some relay or so...
 
That's basically what PIN to drive does.
 
I've turned on my PIN. I guess I can live with it for now. They should offset the keypad slightly each time to prevent a bad guy from just looking at the screen from an angle to guess the digits (and perhaps allow users to use 4-6 digits depending on how much they want security vs convenience).

I wonder if they can do something with the phone Tesla app in proximity of the car to forego the pin?
 
Has anyone in North America with a car hatched prior to June of this year successfully been able to get upgraded fobs from a Service Center?

I was told yesterday at a Service Center that they could not provide upgraded fobs even now and were awaiting "a future software update". When I noted that a price of $130/fob had been quoted, they asked me to have the friends that were quoted same to provide VINs (last 6 digits only) so that they could escalate. Naturally, said friends are vacationing for the next 6 weeks and I'm not going to pester them in the meantime.

Soooooooooo if anyone's actually been successful with this for a Model S, I'd love to hear about it. Thanks.

Meanwhile, I guess I'll disable passive entry, but I won't use PIN to Drive anymore, having just had an MCU fail/get replaced. Hastening the premature death of the touchscreen with thousands of extra taps/year (PtD means 3 entries per stop to enable Valet mode and then remove it - that's at minimum 15 taps, times, say, 5 stops/day...) is not my idea of a good time when 50K miles is around the corner.
 
@TaoJones taps don’t do much to the MCU. I wouldn’t worry about that.

Did they look it up based on the part number in the catalog? I cannot find the thread at the moment where someone said they had them.

I’ve decided I’m not going to worry about it. Fob cloning isn’t popular here (yet), the car can be tracked, and I have insurance.

Either way, old or new fob, the relay attack is possible.
 
Thanks and good point about the relay attack. I'll ask my service advisor about the part number; he said the lead tech/shop foreman told him they couldn't get it done yet.

Yeah, I searched for the thread and couldn't find it either. My remaining concern is that if someone's going to bother carrying around a few hundred bucks in gear to target Teslas, they know how to disable the tracking. And while I have insurance as well, I've also got enough in aftermarket into the car both in $ and in time that having it disappear one day is going to be an even more colossal PITA than if the car was totaled.

Eh. Admittedly first world problems amongst a whole bunch of other things more worth being concerned about.