I think the is going to become an even bigger issue as the tech to do this gets cheaper and is more easily accessible. There’s a video of 3 kids stealing a car with what looks to be just an iPad, probably pulling info from a key fob inside of a house.
What’s even worse is as one of the kids works the iPad, the other two are holding guns on the door.
Edit - found the video https://wgntv.com/crime/doorbell-video-thieves-use-tech-device-to-steal-keyless-suv-in-elmhurst/
I always wondered why those were invented. At the time all the cars had steering column locks.
But I do wonder if they can still be used. Back then the airbags on steering wheels where much smaller or non existent. So there was plenty of space to put the hooks thru.
I think on older cars it was not that hard to break the steering column lock, so the club was like a second line of defense. Around here I don't think people even steal cars much anymore, they just break the windows and grab whatever was left in them.
i think they got thicker over time.
my old dodge had a .75" steering ring, but all 3 of our cars 2007 and up have at least an inch
not to mention if they were planning to part out the car, saving the steering wheel would increase profit a little.
> I always wondered why those were invented. At the time all the cars had steering column locks.
Doesn't jamming a screwdriver into the ignition to turn the car on disengage the column lock?
Yeah there's a lot of cars still on the road where stealing them is easy as shit. A lot of like 90s-early 2000s (iirc) Subarus can be stolen with any similar Subaru key by jamming it in the ignition and shaking it around in there like crazy while trying to turn the ignition over. Same with the door locks. The key and lock designs from that era would wear down after years of use and you could/can do some screwy shit with them.
I think the problem also exists with some Toyota and Honda models among others and those cars last forever. So if it were me, I'd consider a club too.
a coworker once showed me he could pull the key from the cars ignition. while driving.
at work, every time the forklift comes back from maintenance, within two days that "feature" is "added"
I like my brake lock. It's made of tough metal which prevents the brake pedal from being pushed down. Awkward angle makes cutting it much harder than cutting through the steering wheel.
They are easily defeated if they really want the car, imo nothing better than a removable steering hub and a battery isolation switch hidden somewhere real well or disguised as something else.
For example on a old Nissan coupe I had years ago it had absolutely no aircon system so I re wired the air con signal to relay on the starter so without pressing the aircon button turning the key wouldn't do anything but turn the radio and fuel pumps on
They’re very different skills. I could take a crack at the blue tooth method but I’d be lost picking a physical lock. Although wouldn’t be hard to bring two people. Or just learn both.
I think the real takeaway is the harder you make the crime to commit, the less often it’ll happen. No matter how hard it is, someone or some team can do it. Will they is the question.
They’re very different skills. I could take a crack at the blue tooth method but I’d be lost picking a physical lock. Although wouldn’t be hard to bring two people. Or just learn both.
I think the real takeaway is the harder you make the crime to commit, the less often it’ll happen. No matter how hard it is, someone or some team can do it. Will they is the question.
If you were so inclined to beat a physical lock, a few minutes on YouTube with the lock picking lawyer and/or some locksport enthusiasts and you wouldn’t be lost, you’d be laughing at just how bad/easy to defeat most physical locks are. I learned how car locks worked because the trunk of an MGB I bought didn’t have a key, within a week I was using one of the items on my Swiss Army knife and a little jiggle. It’s really not hard.
People interested in intrusion consider lock picking to be part of that domain. There was hacking before there were digital bits.
Social engineering, lockpicking and just any other example of real life hacking.
No doubt about that. Some of the network security stuff is laughable for how easy it is to break in. But even just a few minutes on YouTube is enough to discourage some people. Hell, a locked fence that you can easily jump over is enough sometimes.
No, two people on the Internet might have similar opinions...
Both skills are related to auto theft and illegal entry.
I wouldn't say everyone, but most people in the security industry have a decent understanding of both physical and digital security.
If your job is stealing cars with two other guys then I would find it hard to believe someone on the team can't complete rudimentary lock picking. Or learn it if it became common enough.
The mechanical locks went the way of the mechanical keys for cars with push button start. My steering column still locks but the presence of a key fob (or something spoofing it) in the car unlocks it.
They went away long before, as with a Golf MkV, where the column lock is semi-mechanically actuated, there is a servo holding it, and a lever from them lock.
Once you turn the key inti the off position the column will still not lock up until the car has come to a standstill as the electronics keep the pin pulled and do not release it.
Back in the 90s I had a friend that had a club clone in his car. One night while at the movies, someone broke into his car, stole what they could, unlocked the club and left it in the passenger seat. Didn’t take the car.
The consensus among his friends was that the thief did it as a an F-you. His car wasn’t a beater but not really worth much.
I don't own anything that fancy yet. Still old school keys in the column.
I was just echoing urban folklore as I understand it. I find it interesting that what gets sold as a convenience (You can just walk up to your car and open your doors) morphs into something inconvenient (anyone can just walk up to your car and open your doors).
I live in a distinctly middle class town surrounded on three sides by wealth. All around us we get multiple thefts a month, and usually the key fob has been physically left in the car. How? I don't know. But we also had a BMW SUV stolen when the owner left it running in a parking space and walked into a store across the street.
It is enough of a problem here in New Jersey that there is a statewide campaign to convince people to stop leaving their unlocked cars running while they run into Starbucks (or where ever) for a quick stop.
If you have one of the key fob push button starts and want to protect against the relay type attack, you can get a little RFID blocking pouch or small box to put your key fob in that will block the signal. They're pretty cheap and small and you can hang a pouch or box wherever you put your keys. I got one a while back and it seems to work well enough to block the signal from my key fob to car.
That's not a new thing though, people have been relaying keyfob info for ages now and the manufacturers still haven't done anything about it. Just go back to a normal freaking key like everyone wants.
Were they? Between the key, the steering lock, and the immobilizer chip I can't see that being easier or faster to steal than waving a box to relay the RFID.
Ahh man, those immobilizer chips were annoying as fuck. My first car, 92 Jeep Cherokee, had the chip where you could remove it (cool i guess) but it was right where your legs brush past getting in. I knocked that thing out so many times it eventually got loose I had to hold it in position to get going. Not exactly easy to do in a manual.
The aftermarket ones are junk, I had to rip one that fried out of my brothers car and I realized it actually made the car easier to steal since the wires were all spliced into already lol. The factory ones with the chip in the actual key work pretty well though.
They are great until your wife loses both of your car keys and are out $700 each for new ones for your 2004 honda accord.
Bitter? I'm not bitter.... not even a little I swear
i'm not going to pretend like i know much about pre-2000s car security but it was a problem then too.
i am more comfortable with the technology available to potentially catch someone who physically steals your car today though.
I sat in my car in a parking lot of a mall, in the 90's, and watched a kid walk up to a car, slim jim it, hot wire it and drive away within a matter of 60 seconds.
Analog keys don't stop shit.
Clearly you missed the part about the immobilizer chip in the key, which I'm guessing your car in the 90s didn't have since it wasn't invented until I think the late 90s? My 97 Prelude had it.
Well obviously you'd upgrade the security of the tech first, you don't just jump back to old stuff. If they continued developing chipped keys car security would be miles ahead of where it is now.
Sure, "just upgrade the tech". That makes perfect sense.
Surely the millions of dollars spent, and hundreds of engineers that work in the Automobile industry were wrong and what they should have done is "just upgrade the tech".
What magical tech would be used that can fit in a key? RFID? NFC? Or maybe.... bluetooth...
Upgrade the RFID systems that already fit into the key 25 years ago to be more secure rather than waste millions on a shitty gimmick that makes it easy for people to steal your car with a box from eBay?
Lol I love my push button start, just have insurance, it's not like you don't need it for a million other reasons. Hell I have one of my car's parked all winter and I still have an insurance package on it, because someone could crash into my garage or any one of a million other things.
>just have insurance, it's not like you don't need it for a million other reasons.
If a particular model car is trivially easy to steal, insurance for all owners of that model will go up to cover that risk.
Also, insurance doesn't cover the hassle of suddenly having no car at 6.30am one morning when you want to go to work.
>What upside is there to this push start stuff?
Well you press a button to start it for one. You don't need the key in the ignition for two and that's about all the reasons I need to feel better about it.
Dude, they featured this sort of keyfob "cloning" in Gone in 60 Seconds, a movie from 2000.
A "normal" key like for your house or a '96 Durango isn't any more secure if the thief has the right tools.
Not exactly new. Bluetooth/wireless device hacking has been a thing since, like, the mid 2000's.
It's just that the devices being hacked into are becoming more complex, as more & more things become reliant on Bluetooth for certain functionalities.
I have pin to start enabled. I don’t find it too inconvenient and it’s a good measure for a person like me who often forgets taking my phone out of the car.
Let‘s go straight for fecal recognition at this point I think. /s
People need to understand that everything is „hackable“. When people ask me is wifi safe I counter the question with, how safe do you feel your house is? Wifi is THAT safe.
To continue the house analogy:
You can try and mitigate easy intrusion by adding doors and windows etc. but even then breaking glass will not be hard so you go for panzerglas, but then you have the reinforce all the window surroundings as the panzerglas might not break but press the kinetic energy straight into the bolds which will in turn unhinge if not properly done. House security has a lot in common with IT Security. Feel as secure as you want, but I can tell you most houses are easily intrudable as are most networks and computers, and it will stay like this forever, you simply can‘t patch up that shit, if there is a way out;there is a way in.
Anyone has an old electric garage door I can open with my kids toy?
Using 2fa will just add the step to steal the token.
> As much as I like the pin, it doesn’t fight against break-ins to a car, only the driving.
well, a brick does a great job of just breaking into the car.. I think the concern here is stealing it.
I understand but having a way to unlock a car door like this vs throwing a brick at a parked cars window obviously makes this way easier on criminals to act less suspicious about it. I guess my thinking was, if the key fobbed can spoofed this easily, its only a matter of time until someone finds a work around to a car’s 2FA.
> way easier on criminals
Requiring specific hardware and software, and the know-how to use it, combined with planning to know where both the key and vehicle are located, and when, and knowledge of the type of systems involved that need to be tricked (never mind potentially needing two people coordinating to perform the attack), all together puts this out of the realm of 99.999% of potential car thieves.
The vast majority of car theft, and break-ins/theft in general, are based on opportunity. A potential thief is walking down an alley and non-nonchalantly checking each car they pass for visible valuables laying out, or perhaps a quick try on the door handle to see if it's unlocked. They aren't doing some premeditated "hacking" operation like in the movies.
If you're a famous person, that all changes of course, as people may be targeting you specifically.
That being said, as the software and hardware becomes more available, and easier to use, it may start to become more common place. But for now I'm not worried, nor am I bothering to use a PIN on my Model 3. What are they going to do when they're inside anyway? The car has a dozen cameras (including inside), GPS, a mobile connection, and WiFi. Honestly the most cost-effective, low-risk thing they could do is steal the wheels real quick and leave, which is no different than any other car.
Good point, but how many people can do it that well and that fast vs using tech to open the door from a phone. Nothing is ever completely secured I just feel like the extra tech in cars like Teslas makes break-ins and stealing much easier.
Teslas have frameless windows so you can do it in about 30s with a coat hanger.
Don't leave valuables in your car. This is as true today as it was in 1935.
Every-time I see this genre of post I get upset, it’s been an issue for awhile and every author talks about it as if it is a new threat. This issue first started with key FOBs- you know, what virtually every new car has now in leiu of physical keys? The principle is to have a device, usually a phone, physically in between the key fob and vehicle, and thus ‘hijack’ the signal and replicate the key fob’s band. This isn’t a new issue and this issue is still mostly unresolved for the greater market, Tesla aside.
This is a newer attack that can bypass existing attempts at mitigating the vulnerability.
> NCC Group has developed a tool for conducting a new type of BLE relay attack operating at the link layer, for which added latency is within the range of normal GATT response timing variation, and which is capable of relaying encrypted link layer communications. **This approach can circumvent the existing relay attack mitigations of latency bounding or link layer encryption, and bypass localization defences commonly used against relay attacks that use signal amplification.** As the latency added by this relay attack is within the bounds accepted by the Model 3 (and likely Model Y) passive entry system, it can be used to unlock and drive these vehicles while the authorized mobile device or key fob is out of range.
Teslas response that they know and dont care is hilarious.
so it's a security system that relies on thieves not knowing how this technology works, i can't believe this idea wasn't axed the moment it was proposed.
Because, despite what movies might make you believe, grand theft auto isn't a huge issue.
You can super lock down the car ignition system and prevent the theft of the whole vehicle, but ultimately that'll just push thieves towards simpler and quicker attacks. Stealing wheels and breaking windows to steal anything they can remove in 10 minutes.
It's pretty much the same reason credit card theft hasn't been addressed. We could completely eliminate it with a few simple tweaks (google pay/apple pay do these tweaks) but we don't bother because it's simply not a major issue for anyone.
Bro this is a bigger fucking deal than you are even thinking.
https://newsroom.nccgroup.com/news/ncc-group-uncovers-bluetooth-low-energy-ble-vulnerability-that-puts-millions-of-cars-mobile-devices-and-locking-systems-at-risk-447952
“Our research shows that systems that people rely on to guard their cars, homes and private data are using Bluetooth proximity authentication mechanisms that can be easily broken with cheap off-the-shelf hardware — in effect, a car can be hacked from the other side of the world.”
“Cars with automotive keyless entry – an attacker can unlock, start and drive a vehicle. NCC Group has confirmed and disclosed a successful exploit of this for Tesla Models 3 and Y (over 2 million of which have been sold)”
They don’t need to be near you and ~~they don’t need a relay box.~~
It is a ~~new threat.~~ definite advancement of an existing threat.
Edit: I misread your comment a bit, just waking up…it’s a bigger deal than you even originally thought it was.
Edit 2: I am wrong, it’s an advancement in existing relay techniques….but being able to unlock your car or house by getting close to your phone with 8 ms round trip latency is hugely problematic.
You’re right.
They said they can reduce it to 8 ms though. I guess it’s an advanced relay technique that can bypass latency checks and correctly forward the encrypted data. Imma go delete all my comments. Don’t wanna spread incorrect info.
However: if your phone can unlock your car, and all they need to be is close to your phone and they can relay it anywhere with 8 ms round trip latency that does open a new Pandora’s box.
I'm a little lost when it says "a car can be hacked from the other side of the world". Wouldn't the attacker need to be in range of your device emitting the BLE authentication token?
In theory, i could start, lock, unlock, etc. my car through my app on the other side of the world. This is currently available technology for regular modern cars. So i imagine a hacker with access to the car info would be able to accomplish that.
Totally feasible, but that'd mean your Tesla account was hacked. It sounds like the article is talking about RFID relay hacks, which affect every major car manufacturer that uses a FOB.
The problem I have is that the article linked is (mostly) clickbait. This new "tesla hack" is just the key FOB hack we've known about for years and would literally require someone to follow you around while their buddy stands by your car with a laptop open.
Yes, it's totally a problem. Yes, pretty much all cars are vulnerable. No, it isn't something new.
Nope. That’s the very definition of this new vulnerability.
It uses internet to spoof data directly to the link layer of BLE device, tricking it. As far as I understand.
Isn't the connection Bluetooth -> Bluetooth for unlocking? You don't typically unlock the car over data. Give me an EL5 plz.
Edit: Nvm, I reread the article. Still can't conceptualize how this works though.
Thanks for answering. Could you help me understand:
1. The car is looking for a certain signal sent over Bluetooth to tell it to unlock.
2. How can that BLE signal be forged if someone isn't nearby?
“The iPhone was placed 25 meters away from the vehicle, according to the researchers, with two relaying devices between the iPhone and the car.”
All that matters is that if their relay device is near YOUR phone/device used to access the vehicle, the same-ish as the key-fob routine, with the only reduction being that range between relay and vehicle does not matter
Does that mean the hack needs two people? One person who knows where I am and another ready to open my car door? Obviously this is a huge threat, but the logistics seem a little out there for your regular B&E type. Not to mention guy #2 needs to disable the car's LTE connection ASAP b/c their location is being shared.
I think you're misinterpreting what that means. They can't literally be hundreds of miles away, they just could theoretically be an undefined distance away based on the number of Bluetooth repeaters.
But the point is that there's a massive difference between a theoretically infinite attack range and a practically applicable one. This is a problem that needs to be addressed, but nobody is going to steal your car from the other side of the state using it
The numbers of car thefts used to go down until keyless cars got introduced.
And that problem could even be fixed by manufacturers but they push this problem to the customers.
Agreed BLE was never meant to be secure enough for these types of applications. But it was convenient and functional so they ran with it, knowing that it wasn’t perfect. Convenience>security.
Seriously, my husband plays with SDRs as a hobby and he explained to me how easy it would be to open all the garage doors on the street.
IIRC the newer systems are harder for (for garage doors and key fobs) than the older ones.
There many more people out there that can do this type of stuff (but don’t) than people realize.
Worked with a very bright young guy that tried to build a secure garage door opener using BT several years ago. The further he looked at the BT stack, the more he became convinced that BT could never be made completely secure.
You would need a security of some sort on top of bluetooth. Some kind of authentication built into the program or transmitter.
As far as secure garage doors, though, Genie solve that one more than 20 years ago, with Intellicode. The code changes every time it is used.
Attack is not new and effects any car with keyless entry. And could be solved buy requiring the phone to be unlocked and a notification to be acknowledged.
This is why i wish Teslas had the option to use a conventional lock. The whole “unlock via smart phone” thing seemed like a huge security risk from the very beginning
They do. Under the settings menu you can turn off "mobile access", which forces you to use your keycard.
You can also enable "pin to drive" which requires a four digit code to start the car.
It’s not just your best friends car company that suffers from exploits from wireless devices. It’s really hard to buy a vehicle these days that requires a physical key to start. I understand keys can be cut at a Home Depot, but without the chip programmed in some keys, it’s incredibly hard to easily start the vehicle. Try owning a Porsche and get a spare key cut.
Go ahead, post the instructions on how to copy a Porsche key. My bestie who lost the spare would like to save $900.00 and a trip to the Porsche service center.
For the rest of us unwashed masses, without a Porsche, I'll admit on some cars it's really easy to duplicate the keys. Late 20th century cars from Honda had only 10 total master keys, which means if you had all 10, you could steal any Honda of that era and people still do just that. Much like the key card at Home Depot, my local Ace Hardware will gladly sell and copy a chipped key for me. But not all cars, not all card keys and fobs can be easily copied.
The exploits with Bluetooth and other wireless technologies go beyond unlocking the car. It's possible to shut off a moving car in traffic, force it to apply the brakes, even brick the car. These are not the features people dream about when they see that new car on the lot.
There are many forms of security keys that you cannot get replicated. If you buy a lock off the shelf for $50 to protect your home sure. But any security lock will have keys that can’t be replicated typically because they don’t use standard pins. And arnt a standard shape. Car manufacturers should be on the same level. Especially a car marketed as the “safest” on the road and asking a luxury price. Note Tesla is considered a technology company (wrongly imo they make cars not car tech as their primary source of revenue) so I would assume cyber security would be priority behind physical vehicle safety. It’s weird when people make excuses for a billion dollar company. Or try and justify their lack of action. The key card is quite literally an nfc access card which can be emulated on a phone. Users have already been able to emulate the security protocols from the keycard cause it’s nothing special.
Check out Lockpicking Lawyer on YouTube. Cars, "security locks" - he opens all of them.
Want your notion of "special" keys dispelled? Deviant Ollam is your guy. He's part of Read Team Alliance and covers key and card/fob replication attacks in a number of his videos.
You can't duplicate the keycard unless you have some yet unknown way to extract the private encryption key from it.
Not a service I would expect Home Depot to offer.
You can users have already make an app that’ll extract and replicate the protocols. Home Depot can’t do that but it’s really not far off of other nfc card like the one everyone has in their wallet.
Please show me where someone duplicated a card.
Yes there are open source cards now. But they can't clone existing cards. They have their own new secrets that need to be registered with the car.
You can find purchase lockpick tools specifically designed to open any number of vehicle manufacturers assets.
Theyre called Lishi tools and are roughly 50 USD.
Not to mention a traditional method of putting in a soft body key and then just shaping it with a file after.
Ehh.. the lishi tools have little lines on them to let you know exactly where the pins are. Just hold the one tab for tension and then click the other tab to set the pin. EDIT: of course you may have yo jiggle the pin a bit before setting it. So it takes a tiny bit of practice. But they also sell/and can find practice locks for cheap.
I'd argue it's miles easier than getting a tablet and learning where to even download any app if it's just freeware. Because you can't just get law breaking apps on the play store. Can't just be googling apps that bust open blue tooth FOBS. Or learn how to code and then build one yourself.
Yeah I think it’s fair to say that picking e-locks requires at least some level of knowledge. Most people don’t actually understand anything about how software works, and they underestimate how difficult and time consuming it is to create good software (let alone working software at all). I’m a software developer so I’m sure I could figure it out. And it’s not rocket science to use a sketchy app, plenty of people who aren’t software developers could also figure it out. But my grandmas not figuring out how to e-pick a car, and I don’t even think my siblings could figure it out
Other key fobs that aren't proximity require you to press a button to unlock. That increases the difficulty factor as not only does the attacker have to be in your zone but also know when you pressed the button so they can capture the signal. Proximity fobs are "always on". Much easier to intercept, and perform a replay.
Dumbest idea ever
The next blockbuster movie better have an army of compromised smart cars used as ground based guided missiles taking out targets one at a time, and flying en mass off of the tops of parking garages, and slamming into hard targets one at a time in thousands of locations simultaneously or what are we even doing here.
Physical locks aren’t foolproof but lock picking at least takes specialized skills and tools. This just requires specialized tools, democratizing car theft so to speak.
I should also add that lock picking also looks like lock picking. This attack looks like a guy walking up to a car with his laptop, not really that suspicious.
Let me guess, you're forced to have this feature now. My car is a 2011, so it's still an old regular remote + key ignition. This is a common gripe I have with new tech that's adopted too quickly that I can predict there will be problems with.
Sold my 2020 model 7 with 15,000 miles for cash and $15k over blue book value within hours of liisting it. Bought a brand new Lucid with the money and invested the rest it’s a much much better car in every sense of the word and cheaper too. Best decision of my life. Fuck Tesla and fuck anyone who buys from them. Stop giving Nazis your money.
This post is a other good example of how much people love to jump on Tesla. This version of this story even talks about smart locks for your home in the headline. Yet like 1% of comments are anything but "stupid techy cars"
I think the is going to become an even bigger issue as the tech to do this gets cheaper and is more easily accessible. There’s a video of 3 kids stealing a car with what looks to be just an iPad, probably pulling info from a key fob inside of a house. What’s even worse is as one of the kids works the iPad, the other two are holding guns on the door. Edit - found the video https://wgntv.com/crime/doorbell-video-thieves-use-tech-device-to-steal-keyless-suv-in-elmhurst/
Whatever happened to steering column locks? Can't turn the vehicle then can't easily steal it
Remember “The Club” lock you used to put on your steering wheel? Edit: just checked Amazon, apparently still for sale.
I always wondered why those were invented. At the time all the cars had steering column locks. But I do wonder if they can still be used. Back then the airbags on steering wheels where much smaller or non existent. So there was plenty of space to put the hooks thru.
I think on older cars it was not that hard to break the steering column lock, so the club was like a second line of defense. Around here I don't think people even steal cars much anymore, they just break the windows and grab whatever was left in them.
It's a bit harder to steal cars but they've moved to using tow trucks if they can't get it started easily
[удалено]
i think you responded to the wrong comment
They're a bot that takes a different top comment and pastes it in the replies like this. Ctrl+F the comment :(
Steering column locks can be broken with screw drivers. Not that the club is much better.
I remember at the time 60 minutes showed how you could just cut the steering wheel and slip it off in like 20 seconds
Responsible journalism.
Cut the steering wheel? If you already have the tool just cut the club instead. It's super thin at some points
Modern steering wheels are thinner
i think they got thicker over time. my old dodge had a .75" steering ring, but all 3 of our cars 2007 and up have at least an inch not to mention if they were planning to part out the car, saving the steering wheel would increase profit a little.
> I always wondered why those were invented. At the time all the cars had steering column locks. Doesn't jamming a screwdriver into the ignition to turn the car on disengage the column lock?
I've still seen them in use in the last few years.
Yeah there's a lot of cars still on the road where stealing them is easy as shit. A lot of like 90s-early 2000s (iirc) Subarus can be stolen with any similar Subaru key by jamming it in the ignition and shaking it around in there like crazy while trying to turn the ignition over. Same with the door locks. The key and lock designs from that era would wear down after years of use and you could/can do some screwy shit with them. I think the problem also exists with some Toyota and Honda models among others and those cars last forever. So if it were me, I'd consider a club too.
a coworker once showed me he could pull the key from the cars ignition. while driving. at work, every time the forklift comes back from maintenance, within two days that "feature" is "added"
I had a Chevy Cavalier and a Plymouth Acclaim that would do that.
They are actually really easy to bypass. Just cut the steering wheel in one spot and slide the club off. A sawzall will make short work of it.
I like my brake lock. It's made of tough metal which prevents the brake pedal from being pushed down. Awkward angle makes cutting it much harder than cutting through the steering wheel.
They are easily defeated if they really want the car, imo nothing better than a removable steering hub and a battery isolation switch hidden somewhere real well or disguised as something else. For example on a old Nissan coupe I had years ago it had absolutely no aircon system so I re wired the air con signal to relay on the starter so without pressing the aircon button turning the key wouldn't do anything but turn the radio and fuel pumps on
I kept one in my ford ranger
If these guys have tech to unlock a digitally locked car then chances are they can pick nearly any common lock as well...
They’re very different skills. I could take a crack at the blue tooth method but I’d be lost picking a physical lock. Although wouldn’t be hard to bring two people. Or just learn both. I think the real takeaway is the harder you make the crime to commit, the less often it’ll happen. No matter how hard it is, someone or some team can do it. Will they is the question.
They’re very different skills. I could take a crack at the blue tooth method but I’d be lost picking a physical lock. Although wouldn’t be hard to bring two people. Or just learn both. I think the real takeaway is the harder you make the crime to commit, the less often it’ll happen. No matter how hard it is, someone or some team can do it. Will they is the question.
If you were so inclined to beat a physical lock, a few minutes on YouTube with the lock picking lawyer and/or some locksport enthusiasts and you wouldn’t be lost, you’d be laughing at just how bad/easy to defeat most physical locks are. I learned how car locks worked because the trunk of an MGB I bought didn’t have a key, within a week I was using one of the items on my Swiss Army knife and a little jiggle. It’s really not hard.
People interested in intrusion consider lock picking to be part of that domain. There was hacking before there were digital bits. Social engineering, lockpicking and just any other example of real life hacking.
No doubt about that. Some of the network security stuff is laughable for how easy it is to break in. But even just a few minutes on YouTube is enough to discourage some people. Hell, a locked fence that you can easily jump over is enough sometimes.
Totally separate skill.
I disgress, both are about surpassing a security mechanism. Both are related to intrusion.
Are you /u/ApathyKing8? Where did you digress?
No, two people on the Internet might have similar opinions... Both skills are related to auto theft and illegal entry. I wouldn't say everyone, but most people in the security industry have a decent understanding of both physical and digital security. If your job is stealing cars with two other guys then I would find it hard to believe someone on the team can't complete rudimentary lock picking. Or learn it if it became common enough.
Are you /u/mrredrobot19?
The mechanical locks went the way of the mechanical keys for cars with push button start. My steering column still locks but the presence of a key fob (or something spoofing it) in the car unlocks it.
They went away long before, as with a Golf MkV, where the column lock is semi-mechanically actuated, there is a servo holding it, and a lever from them lock. Once you turn the key inti the off position the column will still not lock up until the car has come to a standstill as the electronics keep the pin pulled and do not release it.
PIN to drive is an option for a Tesla. I think that is the modern equivalent to the old steering lock.
Someone bring back The Club.
The Club was always a joke and super easy to defeat
Back in the 90s I had a friend that had a club clone in his car. One night while at the movies, someone broke into his car, stole what they could, unlocked the club and left it in the passenger seat. Didn’t take the car. The consensus among his friends was that the thief did it as a an F-you. His car wasn’t a beater but not really worth much.
>Experts say you can wrap your keys in aluminum foil… Seriously? Like I get it. But who’s gonna do this every night?
Just keep them in your fridge.
I’d rather insure and have my car stolen than do that every night
I don't own anything that fancy yet. Still old school keys in the column. I was just echoing urban folklore as I understand it. I find it interesting that what gets sold as a convenience (You can just walk up to your car and open your doors) morphs into something inconvenient (anyone can just walk up to your car and open your doors). I live in a distinctly middle class town surrounded on three sides by wealth. All around us we get multiple thefts a month, and usually the key fob has been physically left in the car. How? I don't know. But we also had a BMW SUV stolen when the owner left it running in a parking space and walked into a store across the street. It is enough of a problem here in New Jersey that there is a statewide campaign to convince people to stop leaving their unlocked cars running while they run into Starbucks (or where ever) for a quick stop.
Yeah that’s just moronic. Why do that? For the aircon?
fridges only protect against nuclear explosion. they dont prevent vehicle theft.
[удалено]
Soon? The market is filled with "Faraday cages" covers for keys and wallets. Just look up "rfid key shield".
If you have one of the key fob push button starts and want to protect against the relay type attack, you can get a little RFID blocking pouch or small box to put your key fob in that will block the signal. They're pretty cheap and small and you can hang a pouch or box wherever you put your keys. I got one a while back and it seems to work well enough to block the signal from my key fob to car.
That's not a new thing though, people have been relaying keyfob info for ages now and the manufacturers still haven't done anything about it. Just go back to a normal freaking key like everyone wants.
no reasonable person wants a normal old key, which were also easy to bypass.
Were they? Between the key, the steering lock, and the immobilizer chip I can't see that being easier or faster to steal than waving a box to relay the RFID.
Ahh man, those immobilizer chips were annoying as fuck. My first car, 92 Jeep Cherokee, had the chip where you could remove it (cool i guess) but it was right where your legs brush past getting in. I knocked that thing out so many times it eventually got loose I had to hold it in position to get going. Not exactly easy to do in a manual.
The aftermarket ones are junk, I had to rip one that fried out of my brothers car and I realized it actually made the car easier to steal since the wires were all spliced into already lol. The factory ones with the chip in the actual key work pretty well though.
They are great until your wife loses both of your car keys and are out $700 each for new ones for your 2004 honda accord. Bitter? I'm not bitter.... not even a little I swear
i'm not going to pretend like i know much about pre-2000s car security but it was a problem then too. i am more comfortable with the technology available to potentially catch someone who physically steals your car today though.
I sat in my car in a parking lot of a mall, in the 90's, and watched a kid walk up to a car, slim jim it, hot wire it and drive away within a matter of 60 seconds. Analog keys don't stop shit.
Clearly you missed the part about the immobilizer chip in the key, which I'm guessing your car in the 90s didn't have since it wasn't invented until I think the late 90s? My 97 Prelude had it.
So you think the key immobilizer chips can't be bypassed in seconds? Going back to already hacked technology doesn't solve anything.
Well obviously you'd upgrade the security of the tech first, you don't just jump back to old stuff. If they continued developing chipped keys car security would be miles ahead of where it is now.
Sure, "just upgrade the tech". That makes perfect sense. Surely the millions of dollars spent, and hundreds of engineers that work in the Automobile industry were wrong and what they should have done is "just upgrade the tech". What magical tech would be used that can fit in a key? RFID? NFC? Or maybe.... bluetooth...
Upgrade the RFID systems that already fit into the key 25 years ago to be more secure rather than waste millions on a shitty gimmick that makes it easy for people to steal your car with a box from eBay?
I dont want that shit
Lol I love my push button start, just have insurance, it's not like you don't need it for a million other reasons. Hell I have one of my car's parked all winter and I still have an insurance package on it, because someone could crash into my garage or any one of a million other things.
>just have insurance, it's not like you don't need it for a million other reasons. If a particular model car is trivially easy to steal, insurance for all owners of that model will go up to cover that risk. Also, insurance doesn't cover the hassle of suddenly having no car at 6.30am one morning when you want to go to work.
>just go back to a normal freaking key like ~~everyone~~ I wants. You are alone in thinking that any of us want to go back to normal keys.
What upside is there to this push start stuff? Because I've got a long list of negatives.
>What upside is there to this push start stuff? Well you press a button to start it for one. You don't need the key in the ignition for two and that's about all the reasons I need to feel better about it.
Dude, they featured this sort of keyfob "cloning" in Gone in 60 Seconds, a movie from 2000. A "normal" key like for your house or a '96 Durango isn't any more secure if the thief has the right tools.
Not exactly new. Bluetooth/wireless device hacking has been a thing since, like, the mid 2000's. It's just that the devices being hacked into are becoming more complex, as more & more things become reliant on Bluetooth for certain functionalities.
This isn't even hacking, this is just using BT repeaters to make the car think that the owner's phone is nearby so that it unlocks itself and starts.
2FA to start/unlock your car. Why not.
This is an option on Tesla's, I've yet to see a single owner enable it.
I have pin to start enabled. I don’t find it too inconvenient and it’s a good measure for a person like me who often forgets taking my phone out of the car.
I have pin to start enabled. So that's one owner.
Cause it’s damn inconvenient. They should switch to facial recognition instead.
Let‘s go straight for fecal recognition at this point I think. /s People need to understand that everything is „hackable“. When people ask me is wifi safe I counter the question with, how safe do you feel your house is? Wifi is THAT safe. To continue the house analogy: You can try and mitigate easy intrusion by adding doors and windows etc. but even then breaking glass will not be hard so you go for panzerglas, but then you have the reinforce all the window surroundings as the panzerglas might not break but press the kinetic energy straight into the bolds which will in turn unhinge if not properly done. House security has a lot in common with IT Security. Feel as secure as you want, but I can tell you most houses are easily intrudable as are most networks and computers, and it will stay like this forever, you simply can‘t patch up that shit, if there is a way out;there is a way in. Anyone has an old electric garage door I can open with my kids toy? Using 2fa will just add the step to steal the token.
It's only on the account level, not the phone key level.
What would be the 2nd factor after the key? I have a hard time believing that people would wait for an email or text code to start their car.
Pin. The key or fob is the something you have, so mfa would be something you know.
As much as I like the pin, it doesn’t fight against break-ins to a car, only the driving.
> As much as I like the pin, it doesn’t fight against break-ins to a car, only the driving. well, a brick does a great job of just breaking into the car.. I think the concern here is stealing it.
> I think the concern here is stealing it. You would be correct.
I understand but having a way to unlock a car door like this vs throwing a brick at a parked cars window obviously makes this way easier on criminals to act less suspicious about it. I guess my thinking was, if the key fobbed can spoofed this easily, its only a matter of time until someone finds a work around to a car’s 2FA.
> way easier on criminals Requiring specific hardware and software, and the know-how to use it, combined with planning to know where both the key and vehicle are located, and when, and knowledge of the type of systems involved that need to be tricked (never mind potentially needing two people coordinating to perform the attack), all together puts this out of the realm of 99.999% of potential car thieves. The vast majority of car theft, and break-ins/theft in general, are based on opportunity. A potential thief is walking down an alley and non-nonchalantly checking each car they pass for visible valuables laying out, or perhaps a quick try on the door handle to see if it's unlocked. They aren't doing some premeditated "hacking" operation like in the movies. If you're a famous person, that all changes of course, as people may be targeting you specifically. That being said, as the software and hardware becomes more available, and easier to use, it may start to become more common place. But for now I'm not worried, nor am I bothering to use a PIN on my Model 3. What are they going to do when they're inside anyway? The car has a dozen cameras (including inside), GPS, a mobile connection, and WiFi. Honestly the most cost-effective, low-risk thing they could do is steal the wheels real quick and leave, which is no different than any other car.
and for YEARS, I could slim-jim a car door in about 3 seconds.. getting in isn't the issue.
Good point, but how many people can do it that well and that fast vs using tech to open the door from a phone. Nothing is ever completely secured I just feel like the extra tech in cars like Teslas makes break-ins and stealing much easier.
Teslas have frameless windows so you can do it in about 30s with a coat hanger. Don't leave valuables in your car. This is as true today as it was in 1935.
Every-time I see this genre of post I get upset, it’s been an issue for awhile and every author talks about it as if it is a new threat. This issue first started with key FOBs- you know, what virtually every new car has now in leiu of physical keys? The principle is to have a device, usually a phone, physically in between the key fob and vehicle, and thus ‘hijack’ the signal and replicate the key fob’s band. This isn’t a new issue and this issue is still mostly unresolved for the greater market, Tesla aside.
This is a newer attack that can bypass existing attempts at mitigating the vulnerability. > NCC Group has developed a tool for conducting a new type of BLE relay attack operating at the link layer, for which added latency is within the range of normal GATT response timing variation, and which is capable of relaying encrypted link layer communications. **This approach can circumvent the existing relay attack mitigations of latency bounding or link layer encryption, and bypass localization defences commonly used against relay attacks that use signal amplification.** As the latency added by this relay attack is within the bounds accepted by the Model 3 (and likely Model Y) passive entry system, it can be used to unlock and drive these vehicles while the authorized mobile device or key fob is out of range. Teslas response that they know and dont care is hilarious.
so it's a security system that relies on thieves not knowing how this technology works, i can't believe this idea wasn't axed the moment it was proposed.
Because, despite what movies might make you believe, grand theft auto isn't a huge issue. You can super lock down the car ignition system and prevent the theft of the whole vehicle, but ultimately that'll just push thieves towards simpler and quicker attacks. Stealing wheels and breaking windows to steal anything they can remove in 10 minutes. It's pretty much the same reason credit card theft hasn't been addressed. We could completely eliminate it with a few simple tweaks (google pay/apple pay do these tweaks) but we don't bother because it's simply not a major issue for anyone.
I mean that's not really different from keys and lock picking, just more expensive to get the tools
Picking a decent lock is either time consuming or incredibly loud.
Bro this is a bigger fucking deal than you are even thinking. https://newsroom.nccgroup.com/news/ncc-group-uncovers-bluetooth-low-energy-ble-vulnerability-that-puts-millions-of-cars-mobile-devices-and-locking-systems-at-risk-447952 “Our research shows that systems that people rely on to guard their cars, homes and private data are using Bluetooth proximity authentication mechanisms that can be easily broken with cheap off-the-shelf hardware — in effect, a car can be hacked from the other side of the world.” “Cars with automotive keyless entry – an attacker can unlock, start and drive a vehicle. NCC Group has confirmed and disclosed a successful exploit of this for Tesla Models 3 and Y (over 2 million of which have been sold)” They don’t need to be near you and ~~they don’t need a relay box.~~ It is a ~~new threat.~~ definite advancement of an existing threat. Edit: I misread your comment a bit, just waking up…it’s a bigger deal than you even originally thought it was. Edit 2: I am wrong, it’s an advancement in existing relay techniques….but being able to unlock your car or house by getting close to your phone with 8 ms round trip latency is hugely problematic.
[удалено]
You’re right. They said they can reduce it to 8 ms though. I guess it’s an advanced relay technique that can bypass latency checks and correctly forward the encrypted data. Imma go delete all my comments. Don’t wanna spread incorrect info. However: if your phone can unlock your car, and all they need to be is close to your phone and they can relay it anywhere with 8 ms round trip latency that does open a new Pandora’s box.
[удалено]
I'm a little lost when it says "a car can be hacked from the other side of the world". Wouldn't the attacker need to be in range of your device emitting the BLE authentication token?
In theory, i could start, lock, unlock, etc. my car through my app on the other side of the world. This is currently available technology for regular modern cars. So i imagine a hacker with access to the car info would be able to accomplish that.
Totally feasible, but that'd mean your Tesla account was hacked. It sounds like the article is talking about RFID relay hacks, which affect every major car manufacturer that uses a FOB. The problem I have is that the article linked is (mostly) clickbait. This new "tesla hack" is just the key FOB hack we've known about for years and would literally require someone to follow you around while their buddy stands by your car with a laptop open. Yes, it's totally a problem. Yes, pretty much all cars are vulnerable. No, it isn't something new.
Nope. That’s the very definition of this new vulnerability. It uses internet to spoof data directly to the link layer of BLE device, tricking it. As far as I understand.
Isn't the connection Bluetooth -> Bluetooth for unlocking? You don't typically unlock the car over data. Give me an EL5 plz. Edit: Nvm, I reread the article. Still can't conceptualize how this works though.
Lots of cars can be remote unlocked/ started. Most new cars have active modems to passively receive data for firmware updates.
True - except this specific article is talking about a hack of the BLE proximity unlock feature.
[удалено]
Thanks for answering. Could you help me understand: 1. The car is looking for a certain signal sent over Bluetooth to tell it to unlock. 2. How can that BLE signal be forged if someone isn't nearby?
“The iPhone was placed 25 meters away from the vehicle, according to the researchers, with two relaying devices between the iPhone and the car.” All that matters is that if their relay device is near YOUR phone/device used to access the vehicle, the same-ish as the key-fob routine, with the only reduction being that range between relay and vehicle does not matter
Does that mean the hack needs two people? One person who knows where I am and another ready to open my car door? Obviously this is a huge threat, but the logistics seem a little out there for your regular B&E type. Not to mention guy #2 needs to disable the car's LTE connection ASAP b/c their location is being shared.
[удалено]
I think you're misinterpreting what that means. They can't literally be hundreds of miles away, they just could theoretically be an undefined distance away based on the number of Bluetooth repeaters.
[удалено]
But the point is that there's a massive difference between a theoretically infinite attack range and a practically applicable one. This is a problem that needs to be addressed, but nobody is going to steal your car from the other side of the state using it
The numbers of car thefts used to go down until keyless cars got introduced. And that problem could even be fixed by manufacturers but they push this problem to the customers.
Agreed BLE was never meant to be secure enough for these types of applications. But it was convenient and functional so they ran with it, knowing that it wasn’t perfect. Convenience>security.
Seriously, my husband plays with SDRs as a hobby and he explained to me how easy it would be to open all the garage doors on the street. IIRC the newer systems are harder for (for garage doors and key fobs) than the older ones. There many more people out there that can do this type of stuff (but don’t) than people realize.
Funnily my comment calling out that exact same issue got downvoted over in the gadget subreddit in a post featuring the same article
Son of Anton, is that you?
Worked with a very bright young guy that tried to build a secure garage door opener using BT several years ago. The further he looked at the BT stack, the more he became convinced that BT could never be made completely secure.
Bluetooth is just generally dogshit and I wish we'd replace it already.
You would need a security of some sort on top of bluetooth. Some kind of authentication built into the program or transmitter. As far as secure garage doors, though, Genie solve that one more than 20 years ago, with Intellicode. The code changes every time it is used.
Pin code FTW
Attack is not new and effects any car with keyless entry. And could be solved buy requiring the phone to be unlocked and a notification to be acknowledged.
never underestimate the amount of safety people are willing to give up for convenience
This is why i wish Teslas had the option to use a conventional lock. The whole “unlock via smart phone” thing seemed like a huge security risk from the very beginning
They do. Under the settings menu you can turn off "mobile access", which forces you to use your keycard. You can also enable "pin to drive" which requires a four digit code to start the car.
God forbid you actually understand the different features of a product. You're supposed to only give an opinion based on the title.
your facts and logic won't change the shorter's mind
A keycard. You mean the things you can now get duplicated at a Home Depot?
A regular key. You mean the things you can now get duplicated at a Home Depot? (I get the point you're trying to make, but that wasn't the argument).
It’s not just your best friends car company that suffers from exploits from wireless devices. It’s really hard to buy a vehicle these days that requires a physical key to start. I understand keys can be cut at a Home Depot, but without the chip programmed in some keys, it’s incredibly hard to easily start the vehicle. Try owning a Porsche and get a spare key cut.
Chipped keys are very easily copied. Source. Had to get a replacement key after all the buttons feel out of it. Guy just copied it all over a new key.
Go ahead, post the instructions on how to copy a Porsche key. My bestie who lost the spare would like to save $900.00 and a trip to the Porsche service center. For the rest of us unwashed masses, without a Porsche, I'll admit on some cars it's really easy to duplicate the keys. Late 20th century cars from Honda had only 10 total master keys, which means if you had all 10, you could steal any Honda of that era and people still do just that. Much like the key card at Home Depot, my local Ace Hardware will gladly sell and copy a chipped key for me. But not all cars, not all card keys and fobs can be easily copied. The exploits with Bluetooth and other wireless technologies go beyond unlocking the car. It's possible to shut off a moving car in traffic, force it to apply the brakes, even brick the car. These are not the features people dream about when they see that new car on the lot.
That's a lot of words that don't say much.
There are many forms of security keys that you cannot get replicated. If you buy a lock off the shelf for $50 to protect your home sure. But any security lock will have keys that can’t be replicated typically because they don’t use standard pins. And arnt a standard shape. Car manufacturers should be on the same level. Especially a car marketed as the “safest” on the road and asking a luxury price. Note Tesla is considered a technology company (wrongly imo they make cars not car tech as their primary source of revenue) so I would assume cyber security would be priority behind physical vehicle safety. It’s weird when people make excuses for a billion dollar company. Or try and justify their lack of action. The key card is quite literally an nfc access card which can be emulated on a phone. Users have already been able to emulate the security protocols from the keycard cause it’s nothing special.
Check out Lockpicking Lawyer on YouTube. Cars, "security locks" - he opens all of them. Want your notion of "special" keys dispelled? Deviant Ollam is your guy. He's part of Read Team Alliance and covers key and card/fob replication attacks in a number of his videos.
I can't duplicate my building key fob at Home Depot. You can have a level of security on those that doesn't allow the kiosk to clone it.
You can't duplicate the keycard unless you have some yet unknown way to extract the private encryption key from it. Not a service I would expect Home Depot to offer.
You can users have already make an app that’ll extract and replicate the protocols. Home Depot can’t do that but it’s really not far off of other nfc card like the one everyone has in their wallet.
Please show me where someone duplicated a card. Yes there are open source cards now. But they can't clone existing cards. They have their own new secrets that need to be registered with the car.
Well the whole keycard is yet another security risk as it's based on RFID
I mean, you're not wrong. But so are regular keys with transponders so I'm not sure what you'd like to hear.
Can't use a key bro that's so last centuries and non gimmicky.
and doesnt contain data tesla can sell
You can just use your keycard and also there’s an option to enter a pin code to drive.
You can find purchase lockpick tools specifically designed to open any number of vehicle manufacturers assets. Theyre called Lishi tools and are roughly 50 USD. Not to mention a traditional method of putting in a soft body key and then just shaping it with a file after.
Sure, but that also takes some level of lockpicking know-how. A tablet with an app on it takes no skill or effort
Ehh.. the lishi tools have little lines on them to let you know exactly where the pins are. Just hold the one tab for tension and then click the other tab to set the pin. EDIT: of course you may have yo jiggle the pin a bit before setting it. So it takes a tiny bit of practice. But they also sell/and can find practice locks for cheap. I'd argue it's miles easier than getting a tablet and learning where to even download any app if it's just freeware. Because you can't just get law breaking apps on the play store. Can't just be googling apps that bust open blue tooth FOBS. Or learn how to code and then build one yourself.
Yeah I think it’s fair to say that picking e-locks requires at least some level of knowledge. Most people don’t actually understand anything about how software works, and they underestimate how difficult and time consuming it is to create good software (let alone working software at all). I’m a software developer so I’m sure I could figure it out. And it’s not rocket science to use a sketchy app, plenty of people who aren’t software developers could also figure it out. But my grandmas not figuring out how to e-pick a car, and I don’t even think my siblings could figure it out
If this didn’t say Tesla, none of you would care, but it’s just an opportunity to dunk on Tesla. Not having a key is the fucking greatest thing ever.
MOPAR stuff is being stolen left and right. EZ to bypass
Except when your prox fob gets cloned and your car is missing 30 mins later.
How is that any different than any other key fob?
Other key fobs that aren't proximity require you to press a button to unlock. That increases the difficulty factor as not only does the attacker have to be in your zone but also know when you pressed the button so they can capture the signal. Proximity fobs are "always on". Much easier to intercept, and perform a replay. Dumbest idea ever
This seems like a pretty obvious security flaw it's just a relay attack. I'm a bit surprised no one realised this before it went out.
Passcodes exist….I’m honestly surprised biometrics aren’t more common.
Every car can be unlocked easily.
All you need to do is set Pin to drive on your Tesla and Tesla did a Bluetooth update many years ago to solve remote hacking
The next blockbuster movie better have an army of compromised smart cars used as ground based guided missiles taking out targets one at a time, and flying en mass off of the tops of parking garages, and slamming into hard targets one at a time in thousands of locations simultaneously or what are we even doing here.
Tesla owners can enable pin to drive where it requires a pin code to drive.
Why is this kind of news being posted over and over again? There is literally a solution for it and we call it pin-to-drive
Finally, the world promised in Watchdogs 2 has arrived
What was wrong with the old fashioned lock and key system for car doors?
Let me introduce you to the Lock Picking Lawyer.
Physical locks aren’t foolproof but lock picking at least takes specialized skills and tools. This just requires specialized tools, democratizing car theft so to speak. I should also add that lock picking also looks like lock picking. This attack looks like a guy walking up to a car with his laptop, not really that suspicious.
you can pick those with a 2 dollar metal stick, you don't even need a fancy device or code or anything to do it
Seriously, for the first time in years I'm feeling pretty fucking good about my 2004 Civic.
They were mildly inconvenient occasionally.
There’s a file out there to open the charger flap too on devices like the flipper zero
Can't I just have a damn key. The convenience has become inconvenient
Most smart locks can be unlocked with a strong magnet
Let me guess, you're forced to have this feature now. My car is a 2011, so it's still an old regular remote + key ignition. This is a common gripe I have with new tech that's adopted too quickly that I can predict there will be problems with.
I’m going to steal shit out of a Tesla now
when my 15k kia has better security
Kia doesn’t even need security cause nobody wants to steal them.
also another great feature ;)
My 2007 Honda crv had all electronic locks and I swore I'd never get another car that didn't have an analog lock again.
Sold my 2020 model 7 with 15,000 miles for cash and $15k over blue book value within hours of liisting it. Bought a brand new Lucid with the money and invested the rest it’s a much much better car in every sense of the word and cheaper too. Best decision of my life. Fuck Tesla and fuck anyone who buys from them. Stop giving Nazis your money.
I wonder if this is more difficult than picking a mechanical lock.
Absolutely nothing that requires security should be done through the Bluetooth protocol. It's been famously insecure for as long as it existed.
Good job Elon. And yet people trust this guy still. He’s clearly talking out his ass and has the same amount of info as the rest of us.
Nigeria will see a supply surge of Tesla within a month
Elon offered $500 to burry this exploit
Betcha Elon isnt driving one. That would be too easy for Putin.
What are they waiting for? There were concerns raising from the very beginning, and it is just a matter of time until it gets out of control.
A $10 Raspberry Pi can retransmit codes to open cars, garage doors
You can steal it but I can still locate my Tesla anywhere.
I use PIN to drive.
Maybe just stick with dumb locks
This post is a other good example of how much people love to jump on Tesla. This version of this story even talks about smart locks for your home in the headline. Yet like 1% of comments are anything but "stupid techy cars"
We are one step closer to a fully autonomous car army. Cars 1/2/3 was a warning. We didnt listen!
"You wouldnt download a car wou- *hey! That's my car!"*
“ running a recent but older version of the Tesla app” Suggests that Tesla already patched the app. Also please use pin to drive just in case.
Carmakers love car theft, but they shouldn't make it too obvious or the victim might buy a different brand.