The insurance industry will love this.
Oh no, a more expensive subscription (for insurance) for a car that makes you already subscribe to be a beta tester of a technology that runs you into the side of a train!
Why would they love this? More claims means they have to pay out more. Even if they’re assholes and don’t pay out, they still have to process and fight claims which costs money.
They’ll raise rates on Teslas higher to offset that and make more money in the process.
If you have a Tesla and you’re worried about this it’s probably worth enabling pin to drive. Not sure about all the other brands that are impacted but hopefully they have a similar feature.
Couldn’t a Model 3/Y owner also just disable the phonekey and use the NFC cards? NFC only broadcasts a few inches right? I would think that would be VERY hard for a malicious actor to capture with relay/replay attack.
Following that, is it possible to use the Phonekey only in NFC mode or is it always broadcasting on Bluetooth LE and NFC?
I just tried this a couple different ways:
- Removing permission for “nearby devices” - this unfortunately appears to block both Bluetooth and NFC permission
- Turning off the phone’s Bluetooth - NFC still works while the Bluetooth radio is off, but you’d basically never be able to safely use Bluetooth anytime you aren’t watching your car. Setting a PIN is still unfortunately the only way to go, and hope that a dedicated attacker doesn’t also find a way to capture your PIN (e.g. camera zoomed in on your screen).
So we’d need Tesla to push a software change in the app with an option to turn off the Bluetooth LE signal, but leave the NFC on to continue to use Phonekey safely.
I guess the only safe alternative is using the NFC cards.
One of my coworkers carries a flipper zero around and opens up every single Tesla gas door we see. He hasn’t tried it on the cybertruck yet, the ones I see are usually on the move.
My favorite so far has been spoofing amiibos on the switch for Zelda goodies
Archive link plz
Here you go: archive.is
You can also just put the link into 12ft.io
I thought that didn’t work anymore but maybe that’s just the paywall removal.
Worked for me, I always use it on wired.com due to their paywall
What kind of tech do you need for this?
An appropriate SDR, or a prefab kit you can buy online.
Relay attacks on keyless systems are nothing new, plenty of documentation and articles you can use to read up on the specifics.
Can the Twitter LLM explain the process?
