EU I think everyone has to get their license in a manual.
Several countries in the EU have automatic only drivers licenses, but hardly anybody gets them since being forbidden from driving a manual car is a pretty significant limitation.
Switzerland recently changed the law so people that passed the exam on an automatic are now allowed to drive manual transmissions as well. Seems slightly crazy to me.
I read about ~1m boosting, though not sure what type of technology it was. It might still be a good idea to limit time-of-flight to eliminate relay attacks.
Are Tesla seriously that bad at crypto that they can't prevent a replay attack? A time-based MAC (Message Authentication Code) system like those used by bank 2FAs can go quite a long way. You just have to resync the clock when you change the battery.
There is a regulation that says that the car can't just stop driving mid-drive. It's just basic safety common sense - imagine car shutting down on a highway because the key battery died or there was a radio interference.
Very interesting seeing how this attack is performed. I'd imagine that future keyfobs would use a time of flight based system of call and response to prevent this sort of thing.
Keys are sometimes set down in the vehicle before starting. A time based rule (motion within last x) won't help because sitting in a non-running car is something that happens often enough that keys not working would be a problem.
Also, someone could steal your car while you have your keys in your pocket inside your house, or walking around a store.
Or just a cryptographic challenge/response. No range limitations like time-of-flight, protects against replay, cheap with appropriate hardware. And since key fobs are custom hardware anyway (and typically expensive!) the <1$ crypto ICs I've used like the Microchip ATECC608 could be added to implement it with minimal price increase.
This was a headline in all the Swedish newspapers a few days ago. Apparently a gang of car thieves has been sweeping through parts of the country and stealing dozens of Teslas in a very short time span.
I don't understand how anyone in a security role in the car industry can accept a system like this that's been broken and abused for years. Is the convenience of not having to push a button on the key fob as you approach the car really worth the risk of having it stolen fairly easily?
Car security systems always were this unreliable. Earlier systems were vulnerable to replay attacks or had weak encryption. I think they are made to protect against random person walking by, not a professional and well-equipped attacker.
Ultimately a professional can just turn up with a trailer and load the car onto it if they are really determined. Deterring the more casual end of theft is the right solution.
What’s happened is that the accessibility of the technology to undertake eg replay or relay attacks has increased so that’s now become a more casual theft vector. It’s a cat and mouse game.
What car? You mean that pile of ready-to-fence parts over there? And the big-ass battery that’ll fetch $4,000? And those seats that I just listed on eBay? ;)
Apple Watches can be used to unlock MacBooks and are immune to relay attacks like these because the laptop only accepts signals with a small enough roundtrip latency. Due to the speed of light, it's impossible to unlock it from farther than a few feet away, even with a relay. Why don't key fobs do the same thing? It must take more expensive radios/hardware, but I feel like it would be worth it for a car like a Tesla.
That, many many years ago I have learned that roundtrip latency should always be measured in this kind of technology, AFAIK since it is mostly measured in the car then battery life and a bit more expensive hardware is not a big deal (apparently not)
I don't think so. Amplification attacks with the right hardware adds only a negligible delay. At the same time the protocol is not constant time, requiring some margin.
The main difference to Tesla hack is that you don't keep your MacBook outside the house at nights. And thief's don't need to unlock it to steal it, they just take it and leave.
When you unlock your Mac with an Apple Watch, the OS makes sure the watch is actually close to it by measuring the distance it takes the signal to travel to the device. Why won't car manufactures do that? Is there any reason?
Everyone commenting on this should be aware that Tesla has different generations of keyfob technology. The Model 3 keyfobs for instance make a different tradeoff with convenience versus security, being slightly less convenient and way more secure. The car in the story was a Model S.
The main problem with the earlier Tesla keyfobs is that they used a known-broken 40-bit encryption scheme that allowed them to simply be cloned by an attacker. I'm not sure what they fixed other than upgrading the crypto to something that wasn'y horribly insecure. That's also the reason they introduced the PIN feature.
Israeli thieves (well, mostly Palestinians) are already over that- they open a door (or smash a window), open the hood and in seconds change the car's computer with one the bring with them.
Insurance companies try to fight that by forcing the installation of a "safe" around the computer
Stupid motherfucker Elon with his TNG obsession can go fuck his own dick until it rots and falls off. Fuck your worthless touchscreens that no one EVER asked for, you aren't cool and you aren't invincible. Shove your first mover advantage up your ass you literal nobody. Grimes isn't even interesting, she's a generic ugly and unhealthy white girl with a soundcloud account. Who the FUCK cares lol meanwhile we're all judging you for being such a simp. Pathetic balding insect. Go fuck yourself you fucking fake weeb and balding midlife crisis motherfucker whose dick probably doesn't even work anymore without pills. I know you're reading this comment you vermin, suck my dick you garbage leftover pile of carbon that was once a human. I was sent by God to track your progress and you're really not impressing us at all. Believe it or not my reach is greater than yours, you inferior speck. Soon you will pay for your insolence. Why does twitter even exist anymore? You could have built a successful competitor in exchange for a fraction of 1% of your net worth but you didn't even try. You're a failure. Failure. Failure. Failure. Failure. Elon Musk the Failure. Elon Musk the Failure. Elon Musk the Failure. Elon Musk the Failure. Elon Musk the Failure. PATHETIC lmao
While I really hate that this attack is even possible, a nice feature with a car manufacturer that regularly and often update the software/firmware is this:
"In response to those attacks, Tesla started rolling out [...] If an owner activates the “PIN to Drive” function [...] anyone entering the car will have to know your PIN in order to be able to drive away."
And why wouldn't the car (all vulnerable cars) deactivate when it one minute later (or X meters) doesn't detect the key in the car? Ie do a second poll of the key.
> And why wouldn't the car (all vulnerable cars) deactivate when it one minute later (or X meters) doesn't detect the key in the car? Ie do a second poll of the key
This has been a solved problem for some time in luxury/expensive vehicles. Vehicle tracking systems detect if the car is moved without the tracking card in it and silently inform their control centre of the fact, along with vehicle’s location. Control centre then calls owner and verifies if it’s them. Doing it this way has the advantage that if the driver is being threatened (carjacking for example), it doesn’t put them at further risk.
At least in the recent case of Tesla thefts here in Sweden the car thieves also blocked/disabled the GPS tracking before driving away so tracing the cars was impossible.
If a locks manufacturer market a lock to be secure giving it a 8 out of 10 rating but that lock could be decoded without any tools in a very short period of time then I believe that the manufacturer should bear some responsibility.
But then again Master Lock still exist lol... Take the 174SSD for example. Master Lock list it for $38 so not a bargain basement lock. They say it’s “best for“ For: Residential Gates & Fences, Sheds, Workshops, Garages, Storage Lockers, Tool Chests, Tool Boxes[0], the packaging boasts about its security[1] and yet it can be quickly decoded without tools[2].
Now I’m sure the people on this site are aware of the quality of Master Lock but is your avg Joe walking into the hardware store? IMO there is a point where your performance can’t back up your marketing you become libel.
But in Tesla’s case I don’t think they market the security of their keyless entry/start. I would say they are aware of the security risks of the tech and is why they released an OTA update that enables the need of a passcode to start the car. The question for me then becomes, If Tesla we’re aware of this risk and added a protection against it but didn’t advise customers of the risks of keyless entry/start and the protections against it enough could they have at least a little liability? OTA Cuts both ways, Yes it allows for easy updating in the field, but it also provides a direct communication point with your customer to be able to advise them of "such new information".
EDIT: Cleared up some spelling (fucking auto correct). But I would also like to make it clear that I wouldn't expect a lock manufacturer to always be responsible for the items the lock is "protecting". For an example: You put a high security lock of your front door to protect your home, A burglar cases your joint and instead of picking the lock which will take too much time they break a window and enter your home though that instead. The lock did its job so I couldn't hold the manufacturer responsible at all.
My gripe is when weak locks, or locks with known defects are being sold to the general public as "secure". If a car manufacturer said their car was safe in a crash, giving themselves a high safety score but it found out that "safe" meant that it was only deemed safe under lab conditions were the impact was at exactly 55mph but in the real world a defect meant it was hit and miss that the airbags would actually deploy in the event of a collision people would be up in arms about it, lawsuits filed, recalls issued, etc.
I don't expect any lock to be 100% secure (nor any car 100% safe in a collision) but when the marketing team for a manufacturer take it on themselves to talk up the security then I don't think its wrong to expect that manufacturer to held to account when their claims don't hold up.
Tesla released an update in 2017 giving users the ability to disable keyless entry. That paired with OTA I wonder if it would be wise of them to push an advisory to all cars with keyless entry still enabled advising the customer of the risk of keyless entry and asking the customer if they would like to disable it? If you have made it explicitly clear that keyless gives a convenience bump at the sacrifice of security but the customer still decides to leave keyless enabled that is a choice the customer willingly made.
I thought a key upgrade might work if they can get the time of flight working correctly to kill of amplify attacks. But it was more an "in the mean time" fix until they release new keys with time of flight or your new service.
I'm glad my car has a keyfob that I can easily turn off. Relay attacks don't work then. In fact I'd much rather have a keyfob where I have to push a button to unlock the car; I don't really see how not having to push a button adds all that much convenience.
When you are wrangling your kids and your keys are in a bag somewhere.
Just one instance of not having to push a button could be a convenience.
Not that I disagree that I much prefer having keyless entry disabled on my car. Just giving a situation where I could see keyless as being more convenient because I’m an argumentative little shit ;-)
70 comments
[ 2.7 ms ] story [ 103 ms ] threadSeveral countries in the EU have automatic only drivers licenses, but hardly anybody gets them since being forbidden from driving a manual car is a pretty significant limitation.
Maybe could still be defeated with a very long range RFID reader? I don’t know how long range they get.
E.g. See Tuomas Aura's most excellent paper:
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.69....
https://hackernoon.com/signal-amplification-relay-attack-sar...
And yes, I do have an unfortunate personal experience to support this theory :-)
Keys are sometimes set down in the vehicle before starting. A time based rule (motion within last x) won't help because sitting in a non-running car is something that happens often enough that keys not working would be a problem.
Also, someone could steal your car while you have your keys in your pocket inside your house, or walking around a store.
This was a relay attack. Not a re_p_lay attack.
It's just amplifying the signal from the outside car to the inside keys & vice versa.
What’s happened is that the accessibility of the technology to undertake eg replay or relay attacks has increased so that’s now become a more casual theft vector. It’s a cat and mouse game.
Not all of them. Some have really really good security.
And security regulation for car security is coming worldwide in 2021, thanks to the "terrorist threat".
And that's ignoring that it could just be sold for parts.
Not fun getting into a car that's been in the sun most of the day when the temperature is 40°C
The main difference to Tesla hack is that you don't keep your MacBook outside the house at nights. And thief's don't need to unlock it to steal it, they just take it and leave.
https://bgr.com/2016/06/27/macos-auto-unlock-security-apple-...
Insurance companies try to fight that by forcing the installation of a "safe" around the computer
If you don't want to be banned, you're welcome to email hn@ycombinator.com and give us reason to believe that you'll follow the rules in the future.
"In response to those attacks, Tesla started rolling out [...] If an owner activates the “PIN to Drive” function [...] anyone entering the car will have to know your PIN in order to be able to drive away."
And why wouldn't the car (all vulnerable cars) deactivate when it one minute later (or X meters) doesn't detect the key in the car? Ie do a second poll of the key.
This has been a solved problem for some time in luxury/expensive vehicles. Vehicle tracking systems detect if the car is moved without the tracking card in it and silently inform their control centre of the fact, along with vehicle’s location. Control centre then calls owner and verifies if it’s them. Doing it this way has the advantage that if the driver is being threatened (carjacking for example), it doesn’t put them at further risk.
Probably a safety vs security concern. They don't want your car to suddenly die on you in the middle of the highway if your keyfob battery dies.
Should Yale be responsible for all the stuff stolen from a house after someone picks the lock? I don't think so.
If a locks manufacturer market a lock to be secure giving it a 8 out of 10 rating but that lock could be decoded without any tools in a very short period of time then I believe that the manufacturer should bear some responsibility.
But then again Master Lock still exist lol... Take the 174SSD for example. Master Lock list it for $38 so not a bargain basement lock. They say it’s “best for“ For: Residential Gates & Fences, Sheds, Workshops, Garages, Storage Lockers, Tool Chests, Tool Boxes[0], the packaging boasts about its security[1] and yet it can be quickly decoded without tools[2].
Now I’m sure the people on this site are aware of the quality of Master Lock but is your avg Joe walking into the hardware store? IMO there is a point where your performance can’t back up your marketing you become libel.
But in Tesla’s case I don’t think they market the security of their keyless entry/start. I would say they are aware of the security risks of the tech and is why they released an OTA update that enables the need of a passcode to start the car. The question for me then becomes, If Tesla we’re aware of this risk and added a protection against it but didn’t advise customers of the risks of keyless entry/start and the protections against it enough could they have at least a little liability? OTA Cuts both ways, Yes it allows for easy updating in the field, but it also provides a direct communication point with your customer to be able to advise them of "such new information".
[0] https://www.masterlock.com/personal-use/product/174SSD
[1] https://imgur.com/a/iaffVut
[2] https://youtu.be/CTLY4b3sG9E
EDIT: Cleared up some spelling (fucking auto correct). But I would also like to make it clear that I wouldn't expect a lock manufacturer to always be responsible for the items the lock is "protecting". For an example: You put a high security lock of your front door to protect your home, A burglar cases your joint and instead of picking the lock which will take too much time they break a window and enter your home though that instead. The lock did its job so I couldn't hold the manufacturer responsible at all.
My gripe is when weak locks, or locks with known defects are being sold to the general public as "secure". If a car manufacturer said their car was safe in a crash, giving themselves a high safety score but it found out that "safe" meant that it was only deemed safe under lab conditions were the impact was at exactly 55mph but in the real world a defect meant it was hit and miss that the airbags would actually deploy in the event of a collision people would be up in arms about it, lawsuits filed, recalls issued, etc.
I don't expect any lock to be 100% secure (nor any car 100% safe in a collision) but when the marketing team for a manufacturer take it on themselves to talk up the security then I don't think its wrong to expect that manufacturer to held to account when their claims don't hold up.
Tesla released an update in 2017 giving users the ability to disable keyless entry. That paired with OTA I wonder if it would be wise of them to push an advisory to all cars with keyless entry still enabled advising the customer of the risk of keyless entry and asking the customer if they would like to disable it? If you have made it explicitly clear that keyless gives a convenience bump at the sacrifice of security but the customer still decides to leave keyless enabled that is a choice the customer willingly made.
Just thinking outloud.
Just one instance of not having to push a button could be a convenience.
Not that I disagree that I much prefer having keyless entry disabled on my car. Just giving a situation where I could see keyless as being more convenient because I’m an argumentative little shit ;-)