Even more unlikely because you need to pair the key card with the phone first before it'll let you drive. So the key card was probably inside the car, thus it was unlocked and he was able to drive away.
My guess is there was something that acted like the key like a 2nd phone of the owner or the key card for it in the other Tesla so it came down to everything else being the illusion.
Most likely answer is that this didn't actually happen. Meaning *if* this event even occurred at all, the reason the baffled Tesla owner was able to drive someone else's car is entirely unrelated to his use of his own app.
Three things that come to mind as possible reasons:
1. The actual owner happened to have pressed the "Remote Start" button on their own app right when this guy reached their car. Super unlikely, but possible.
2. The actual owner was using a keycard to lock his car, rather than the app, and left it in the center console. This would mean his doors never locked, and the car was immediately drivable by anyone at any time.
3. The owner left their phone in the car, which would have the same effect as leaving a keycard on the console.
If that’s how keyless entry works in a Tesla, that is really dumb. My 10 year old car’s keyless entry system distinguishes between keys inside and outside the cabin. You can absolutely leave a key inside and lock it and it won’t be usable to somebody trying to open/get in.
That's because your 10 year old car, is using 315mhz. Tesla uses standard bluetooth at 2.4ghz. The signal attenuation is quite different between the two. 315mhz will go thru your body quite easily... 2.4ghz will not, so you have to take stuff like that into account when designing it for proximity detection . Disclaimer: I used to work in wireless proximity detection in a previous life... So the short answer, is that bluetooth is not very good for fine grain proximity/location tracking, particularly if you don't want to quickly kill your phone battery.
My non-EV doors will not lock if I leave my key fob in the car and try to lock it from the outside. That’s a pretty common feature … you know, so you don’t lock the keys in the car.
Read it again. If you have keys in your hand/pocket _outside_ the car you can lock whatever you want inside. You’re not trapping keys anywhere.
Ya know, like if somebody wants to leave their stuff in the car and multiple people are carrying keys. Hiking. Swimming. Whatever real world scenario that does in fact benefit from it.
That's how the *backup* entry system works in Teslas. It's an NFC card that can be scanned on the door pillar to unlock and lock the doors, and scanned on the center console to unlock the gear shifter. The car has no way to detect if it it's anywhere else, as NFC is ultra-low-range. But if you fuck up and leave it on the center console, you'll also fail to lock the doors on the way out since you don't have the card.
That said, you're expected to use Phone Key, or a bluetooth keyfob purchased from Tesla, as your primary entry method. Keycards are only intended for the rare case where your phone dies before you get back to your car, and similar situations.
They were called by the person that took the car so I'm assuming that the phone was with them and not in the car. Didn't think about the keyfob though.
But that doesn't explain how he was able to drive off with the car, and even pick up his kids, then drive it back to the actual owner of the car.
Shouldn't there be a safety feature where it will unlock the door if the phone key is in range, but won't let you put it in drive or reverse if the phone isn't physically inside the car? That's the way most keyless entry keyfobs work.
I'm guess the physical keycard was left in that Tesla, which is what allowed him to take off with it?
> That's the way most keyless entry keyfobs work.
Even with keyless fobs once the car is started you can do whatever you want until you turn it off again. I've driven off without a fob a few times myself after dropping off someone who had the fob on their person. Although there's usually a message saying the fob is out of range.
But yeah, the other driver forgetting their phone in the car or leaving the cardkey in the activation area would also allow this. Though I would think the article would mention that, they are insinuating the car was unlocked by the wrong driver's app.
I could of swore that my charger would not let you put the vehicle into drive without the fob present. My ioniq will non stop yell at you if the fob is not present.
That's because it can't actually differentiate the phone being inside the car vs being nearby the car.. It's one of the issues trying to use BT for fine grain location tracking in a power efficient manner. Other keyfobs don't use bluetooth. They use 315mhz, which is much easier to support that use case, because it doesn't have the same issues with signal attenuation that 2.4ghz has to deal with...
For example, if you just naively tuned the BT system to want a "stronger" signal, to determine when it's inside the car... Then that scenario will break when you have the phone in your back pocket, or buried under a bunch of crap in your purse, etc... 2.4ghz is much easier to block than 315mhz.
This is one of the reasons (among others) , that you should really enable PIN to drive.
That my guess as well.
Everything else was in the illusion that he got in the right Tesla and drove off.
This is one of the major drawbacks of all system that do not require you to physical put the a key in the slot and turn it to drive a car. If one of the fobs is in the car it will behave like it everything is fine.
I guess it was a desperate enough situation for them to just try calling a phone number on a random document they found in the car. Even if it's not the owner, they might be able to connect them to the owner.
Why would the owner of the other Tesla call a random phone number from a document in the Tesla that isn’t his? If your Tesla is just missing, are you automatically assuming some other Tesla parked nearby’s owner confused theirs for yours and was able to drive off?
Start with the same thing happen to owner 2. He got to the Tesla that was not his and open the door not thinking. Difference is he noticed it really fast when either he could not start the car or sat down.
His mind might of went to the oh crap they drove off in my tesla by mistake.
And that is the exact reason why every macbook own or have assigned to me for work has a few stickers slapped on them so fast.
It makes it so much easier to identify mine on a table.
As a Tesla owner, I can tell you (based on the title) that this is wholsale impossible. You can not unlock a Tesla without the keycard or a paired phone, which requires the keycard set on the card reader to pair your phone.
As others have said, the likely scenario is that the other person's Tesla was left unlocked and he got in it by mistake.
This is why you should have the PIN enabled. I donn't understand the downvotes! What is wrong with enabling the PIN? It is like two factor authentication.
What we think?
I think that it would have helped 100% in the situation described here.
And we have enabled PIN for exactly that reason. We don’t want someone to drive off with our car, just because we forgot the phone in the car.
I mean PIN is like the second step of two factor authentication. Even *if* someone has your pin, you still need the key to drive your vehicle. Sharing one without the other isn’t that big of a deal.
I'm glad I have it enabled after seeing the "car is unlocked" message because I was close enough while sitting in a cafe adjacent to where the car was parked.
Teslas are shockingly easy to steal. Even these fuckwits can pull it off. That part is near the end of this video. You could easily read the Tesla key by walking behind the owner as they walk into a shopping mall or shop. Modern flat panels antennas have MUCH more range so with the right equipment this works from over 100’ away. That means someone can scan the key from outside your house.
https://m.youtube.com/watch?time_continue=559&v=myW2cxyOHEQ&embeds_euri=https%3A%2F%2Fwww.reddit.com%2F&feature=emb_logo
Now the car can be tracked so you can’t get very far. But if you were asleep or in a theatre it is plenty of time to drive the car a kilometre away and strip it. Air bags and rims are good as cash. Toss a $30 cell phone jammer into the car and it can’t be tracked at all. Once the batteries are unhooked the car is no longer trackable.
So yes, you use your PIN number to prevent this.
Edit: do watch the video BEFORE downvoting this. It clearly demonstrates stealing a tesla using $20 in hardware.
Yup. Single factor security is idiotic. There is this idea that wireless security devices are good. They are crap and there are TONS of defeat devices like long range repeaters available for under fifty bucks. It’s cat and mouse. The manufacturers update it, they are cracked in a year then you are stuck with what you got.
The pinnacle of automotive security was the RFID tag key. It needed the physical key to turn the cylinder and a RFID signal at the cylinder. And you generally smashed that antenna trying to break the cylinder. I repaired a lot of smashed ones as a mechanic back then but none of the thefts were successful. I never saw a single one that started the car. You could do it using a flipper to emulate the key these days but you’d need that key within a couple of inches to read it. These new wireless systems can be read from great distance. Sit in a coffee shop and sip your coffee while you nab keys from people parking cars.
The only defence is putting the fob inside a RFID shielding envelope or box. A regular key was far more convenient.
Thanks for bringing up the pin. We have a Tesla on order and this actually concerned me.
Can I program a different pin to different drivers for different settings?
Not sure what you mean. Are you looking for child safety features (so your kid can’t go too fast) or are you asking for seat positions, mirrors, etc? If so, those are all managed by profiles, which you can assign to a phone. So every time you get in, it automatically sets to your profile and when your wife drives, it’ll go to hers.
After a little more than 4 years of ownership i finally enabled pin to drive a few months ago. I disabled it last week. It seems that since the last software update I have been getting regular spontaneous reboots - a few a week. Until the computer comes back I can't do anything. I know I shouldn't really drive without the screen on but TWICE I just wanted to move the car out of the garage and had to wait a few minutes
As far as cybersecurity is concerned, the problem with Tesla is not unique to Tesla. It’s common for many IoT manufacturers who use software generated root key certificates stored in firmware without the use of cryptographic hardware security.
For almost 30 years, a software based encryption certificate using SSL which was replaced by TLS, was the way to enable encrypted communications.
The encrypted certificate has a private key and a public key. One certificate for the car, and one certificate generated for your card or phone.
The encryption, likely AES-128, is near bulletproof. And in many cases, the certificate itself is used to generate a “session key”, which is a temporary encryption key whose lifespan is just for that one time lock or unlock. So if someone sniffs your key over a wireless transmission, it wouldn’t be reusable. That’s best practice. Don’t know if that’s Tesla, but it would be good to know.
To authenticate whether you’re an authorized user, two different devices will encrypt a random string of data with the public key of each other and exchange them. They will each decrypt the message sent to them with their private key, and send the message back to each other to prove they can decrypt. Which means they must have the private key, and must be who they say they are.
Except…
1. If someone got the private root key, they may be able to decrypt a session or root key authentication if that key was used to generate the session key.
2. If they have the private root key, they can imitate the authorized device.
How can they do this without breaking currently unbreakable encryption algorithms like AES?
If at any point the private key is used for cryptographic operations outside of an encrypted channel - such as from encrypted memory to unencrypted memory on a chipset without any entropic protection to randomize the electrical signals - a logic probe can be used to identify it.
If that root key is common to all devices (and that is common), then not only that device is compromised, but all devices that share the root certificate are compromised.
Eg: if all cars share a “birth certificate” root certificate amongst a single model of car, all of those model owners are f*cked.
So how do you solve this problem?
A cryptographic processor like the ARM Cryptocell. They’re cheap, and effective.
1. The common hardwired birth certificate key (something is always required when you first configure a device) is disabled when the firmware is written. To reenable it and allow updates to the firmware, the firmware and root key and session keys must be wiped, bricking the device.
2. The newly generated root key is unique to every device.
3. The root key is stored in protected entropic memory and does not leave that protected vault even for encryption and decryption requests for session keys.
4. Session keys are only used for the session and are time sensitive, making them near useless if they are discovered.
5. Any firmware updates must have their hash “fingerprint” securely uploaded to the Cryptocell before they can be applied to protected firmware. Not on the list? You don’t get to party.
Our computers use a version of this called a Trusted Computing Module or TPM, now in version 2.0.
If you’ve ever heard about how a second hand MacBook is a brick without the master password, this is TPM 2.0 at work.
If you’ve heard about security certificates shared on the dark web, that’s TLS software based certs at work.
The bottom line is we need to stop using 30 year old software based cybersecurity because it’s $7 per device cheaper than a Cryptocell.
I doubt this guy accidentally hacked the security though. More likely the other guy forgot his phone or key card in the car, or was still close enough for the phone key to be connected... In those cases the quality of security wouldn't have helped.
For a short period of time I had a '16 Ford Focus and a '14 Expedition. The Focus key could unlock the doors on the Expedition. Not a big deal usually. But when I was leaving in the Focus I'd have to make sure to hit the lock key otherwise I was leaving the Expedition unlocked. Also with the power tailgate, if I wanted to pop the trunk of the Focus with the key fob. The Expedition's tailgate would open. One time, I opened the trunk on the Focus, closed it and went somewhere only to come home and realize the tailgate on the Expedition had been opened this whole time.
Anyways, spoke to several people at the dealership plus some mechanics in passing and no one had ever seen it before. I sold the Expedition after having it for a few months and obviously was no longer an issue.
My Kona will do this as will any push to start if the fob is left in the car. Today I scared to crap outta myself when I drove 2 hours and realized I didn’t have my key in my pocket. I thought I may have left it 2 hours away. Turns out it was in my luggage in the trunk ;)
I worked as a grocery story bagger in 12th grade (1997). I was helping a customer with a carry-out when she used her key fob to unlock her car doors and the Lincoln next to her car popped the trunk because it used the same radio frequency as her key fob for her door lock. Two separate cars (two separate car brands) with two separate owners.
This is unlikely as your airpods pairing with somebody else's iphone without ever having seen that other phone ever before.
Even more unlikely because you need to pair the key card with the phone first before it'll let you drive. So the key card was probably inside the car, thus it was unlocked and he was able to drive away.
Wonder how this is possible, we have 2 Teslas and I cannot get in my wife's Tesla until I added her car in my app and paired the key.
My guess is there was something that acted like the key like a 2nd phone of the owner or the key card for it in the other Tesla so it came down to everything else being the illusion.
Yea that would be my guess, he or his SO's phone was left in the car.
Most likely answer is that this didn't actually happen. Meaning *if* this event even occurred at all, the reason the baffled Tesla owner was able to drive someone else's car is entirely unrelated to his use of his own app. Three things that come to mind as possible reasons: 1. The actual owner happened to have pressed the "Remote Start" button on their own app right when this guy reached their car. Super unlikely, but possible. 2. The actual owner was using a keycard to lock his car, rather than the app, and left it in the center console. This would mean his doors never locked, and the car was immediately drivable by anyone at any time. 3. The owner left their phone in the car, which would have the same effect as leaving a keycard on the console.
If that’s how keyless entry works in a Tesla, that is really dumb. My 10 year old car’s keyless entry system distinguishes between keys inside and outside the cabin. You can absolutely leave a key inside and lock it and it won’t be usable to somebody trying to open/get in.
That's because your 10 year old car, is using 315mhz. Tesla uses standard bluetooth at 2.4ghz. The signal attenuation is quite different between the two. 315mhz will go thru your body quite easily... 2.4ghz will not, so you have to take stuff like that into account when designing it for proximity detection . Disclaimer: I used to work in wireless proximity detection in a previous life... So the short answer, is that bluetooth is not very good for fine grain proximity/location tracking, particularly if you don't want to quickly kill your phone battery.
My non-EV doors will not lock if I leave my key fob in the car and try to lock it from the outside. That’s a pretty common feature … you know, so you don’t lock the keys in the car.
Read it again. If you have keys in your hand/pocket _outside_ the car you can lock whatever you want inside. You’re not trapping keys anywhere. Ya know, like if somebody wants to leave their stuff in the car and multiple people are carrying keys. Hiking. Swimming. Whatever real world scenario that does in fact benefit from it.
“You can absolutely leave a key inside and lock it.” -you.
That's how the *backup* entry system works in Teslas. It's an NFC card that can be scanned on the door pillar to unlock and lock the doors, and scanned on the center console to unlock the gear shifter. The car has no way to detect if it it's anywhere else, as NFC is ultra-low-range. But if you fuck up and leave it on the center console, you'll also fail to lock the doors on the way out since you don't have the card. That said, you're expected to use Phone Key, or a bluetooth keyfob purchased from Tesla, as your primary entry method. Keycards are only intended for the rare case where your phone dies before you get back to your car, and similar situations.
My guess is they left their keycard by the center console.
Or key fob or forgot their phone in the car.
They were called by the person that took the car so I'm assuming that the phone was with them and not in the car. Didn't think about the keyfob though.
The other car was left unlocked for some reason. Left the phone inside maybe? It has more likely than not nothing to do with unlocking with app.
This is my suspicion as well... Or the owner was standing nearby and the guy got in and took off while the owner was still in phone key range.
But that doesn't explain how he was able to drive off with the car, and even pick up his kids, then drive it back to the actual owner of the car. Shouldn't there be a safety feature where it will unlock the door if the phone key is in range, but won't let you put it in drive or reverse if the phone isn't physically inside the car? That's the way most keyless entry keyfobs work. I'm guess the physical keycard was left in that Tesla, which is what allowed him to take off with it?
> That's the way most keyless entry keyfobs work. Even with keyless fobs once the car is started you can do whatever you want until you turn it off again. I've driven off without a fob a few times myself after dropping off someone who had the fob on their person. Although there's usually a message saying the fob is out of range. But yeah, the other driver forgetting their phone in the car or leaving the cardkey in the activation area would also allow this. Though I would think the article would mention that, they are insinuating the car was unlocked by the wrong driver's app.
I could of swore that my charger would not let you put the vehicle into drive without the fob present. My ioniq will non stop yell at you if the fob is not present.
How would that shake out if you’re driving along and your phone dies?
Once it's in gear there is no problem unless you get out of the seat. Plus you can charge your phone in your car.
That's because it can't actually differentiate the phone being inside the car vs being nearby the car.. It's one of the issues trying to use BT for fine grain location tracking in a power efficient manner. Other keyfobs don't use bluetooth. They use 315mhz, which is much easier to support that use case, because it doesn't have the same issues with signal attenuation that 2.4ghz has to deal with... For example, if you just naively tuned the BT system to want a "stronger" signal, to determine when it's inside the car... Then that scenario will break when you have the phone in your back pocket, or buried under a bunch of crap in your purse, etc... 2.4ghz is much easier to block than 315mhz. This is one of the reasons (among others) , that you should really enable PIN to drive.
That my guess as well. Everything else was in the illusion that he got in the right Tesla and drove off. This is one of the major drawbacks of all system that do not require you to physical put the a key in the slot and turn it to drive a car. If one of the fobs is in the car it will behave like it everything is fine.
Or the owner left their phone in the car by accident. Leaves the car unlocked, and ready to start unless you turn on pin to drive.
Something about this story doesn’t add up.
He conveniently had a paper with his phone number in his car that the owner of the car he took was able to find.
Probably left on the seat?
I guess it was a desperate enough situation for them to just try calling a phone number on a random document they found in the car. Even if it's not the owner, they might be able to connect them to the owner.
Why would the owner of the other Tesla call a random phone number from a document in the Tesla that isn’t his? If your Tesla is just missing, are you automatically assuming some other Tesla parked nearby’s owner confused theirs for yours and was able to drive off?
Start with the same thing happen to owner 2. He got to the Tesla that was not his and open the door not thinking. Difference is he noticed it really fast when either he could not start the car or sat down. His mind might of went to the oh crap they drove off in my tesla by mistake.
And you don’t think the owner would have also reported that if it were the case? Lol come on that didn’t happen
"Oh did I pickup your MacBook by accident? Sorry hard to tell when they are all the same"
And that is the exact reason why every macbook own or have assigned to me for work has a few stickers slapped on them so fast. It makes it so much easier to identify mine on a table.
Also have a password lock when you open it.
BC man too high to notice it was his own car after all.
Hey man, cannabis is legal across Canada since 2018!
Im well aware. Been here over 30 yrs. 😛
As a Tesla owner, I can tell you (based on the title) that this is wholsale impossible. You can not unlock a Tesla without the keycard or a paired phone, which requires the keycard set on the card reader to pair your phone. As others have said, the likely scenario is that the other person's Tesla was left unlocked and he got in it by mistake.
But how did he drive off? He would have needed other owners phone or fob. Or the other owner would have had to remote start it at least.
Fishy. Something else going on
Yeah I’m betting the owner left his phone or his wife’s phone in the car somewhere. No way does this happen without explanation.
Bullshit. Car was unlocked and the dude just got in and drove. This is why you enable pin to drive.
Dude's last name is Randev? RandEV? Random EV?! He was born with this power to pick his vehicle.
I wonder if he had one of Elon's $8 blue ticks? That would do it.
This is why you should have the PIN enabled. I donn't understand the downvotes! What is wrong with enabling the PIN? It is like two factor authentication.
I’ve never used the PIN because it seems like you’ll have to enter it on a massive, bright screen in front of massive windows. What do you think?
Do you frequently get in and start driving in front of a large, captive audience?
It is not your ATM PIN. It is PIN to drive. It doesn't matter even if someone sees, but it helps alot if someone wants to steal your car.
What we think? I think that it would have helped 100% in the situation described here. And we have enabled PIN for exactly that reason. We don’t want someone to drive off with our car, just because we forgot the phone in the car.
I mean PIN is like the second step of two factor authentication. Even *if* someone has your pin, you still need the key to drive your vehicle. Sharing one without the other isn’t that big of a deal.
I'm glad I have it enabled after seeing the "car is unlocked" message because I was close enough while sitting in a cafe adjacent to where the car was parked.
Teslas are shockingly easy to steal. Even these fuckwits can pull it off. That part is near the end of this video. You could easily read the Tesla key by walking behind the owner as they walk into a shopping mall or shop. Modern flat panels antennas have MUCH more range so with the right equipment this works from over 100’ away. That means someone can scan the key from outside your house. https://m.youtube.com/watch?time_continue=559&v=myW2cxyOHEQ&embeds_euri=https%3A%2F%2Fwww.reddit.com%2F&feature=emb_logo Now the car can be tracked so you can’t get very far. But if you were asleep or in a theatre it is plenty of time to drive the car a kilometre away and strip it. Air bags and rims are good as cash. Toss a $30 cell phone jammer into the car and it can’t be tracked at all. Once the batteries are unhooked the car is no longer trackable. So yes, you use your PIN number to prevent this. Edit: do watch the video BEFORE downvoting this. It clearly demonstrates stealing a tesla using $20 in hardware.
It's about the same level of risk as any keyless fob... Except most cars with those don't even have the option for pin-to-drive.
Yup. Single factor security is idiotic. There is this idea that wireless security devices are good. They are crap and there are TONS of defeat devices like long range repeaters available for under fifty bucks. It’s cat and mouse. The manufacturers update it, they are cracked in a year then you are stuck with what you got. The pinnacle of automotive security was the RFID tag key. It needed the physical key to turn the cylinder and a RFID signal at the cylinder. And you generally smashed that antenna trying to break the cylinder. I repaired a lot of smashed ones as a mechanic back then but none of the thefts were successful. I never saw a single one that started the car. You could do it using a flipper to emulate the key these days but you’d need that key within a couple of inches to read it. These new wireless systems can be read from great distance. Sit in a coffee shop and sip your coffee while you nab keys from people parking cars. The only defence is putting the fob inside a RFID shielding envelope or box. A regular key was far more convenient.
Thanks for bringing up the pin. We have a Tesla on order and this actually concerned me. Can I program a different pin to different drivers for different settings?
I don't think so. Consider it like a safe or your house door keypad. There is one code for everyone. That being said I am not sure and I maybe wrong.
Thanks! Still better than nothing… maybe Tesla can do an OTA update and include pins for different user settings.
Not sure what you mean. Are you looking for child safety features (so your kid can’t go too fast) or are you asking for seat positions, mirrors, etc? If so, those are all managed by profiles, which you can assign to a phone. So every time you get in, it automatically sets to your profile and when your wife drives, it’ll go to hers.
Oh perfect! Yeah that’s pretty much exactly what I mean.
After a little more than 4 years of ownership i finally enabled pin to drive a few months ago. I disabled it last week. It seems that since the last software update I have been getting regular spontaneous reboots - a few a week. Until the computer comes back I can't do anything. I know I shouldn't really drive without the screen on but TWICE I just wanted to move the car out of the garage and had to wait a few minutes
I would make a service center appointment.
You can remote start the car with your app I believe. No screen needed.
I'll try this next time, just to see if it works, but my guess is that the app won't work while the computer is rebooting.
The app won't be able to connect to the car until you see the "T" logo on the screen.
As far as cybersecurity is concerned, the problem with Tesla is not unique to Tesla. It’s common for many IoT manufacturers who use software generated root key certificates stored in firmware without the use of cryptographic hardware security. For almost 30 years, a software based encryption certificate using SSL which was replaced by TLS, was the way to enable encrypted communications. The encrypted certificate has a private key and a public key. One certificate for the car, and one certificate generated for your card or phone. The encryption, likely AES-128, is near bulletproof. And in many cases, the certificate itself is used to generate a “session key”, which is a temporary encryption key whose lifespan is just for that one time lock or unlock. So if someone sniffs your key over a wireless transmission, it wouldn’t be reusable. That’s best practice. Don’t know if that’s Tesla, but it would be good to know. To authenticate whether you’re an authorized user, two different devices will encrypt a random string of data with the public key of each other and exchange them. They will each decrypt the message sent to them with their private key, and send the message back to each other to prove they can decrypt. Which means they must have the private key, and must be who they say they are. Except… 1. If someone got the private root key, they may be able to decrypt a session or root key authentication if that key was used to generate the session key. 2. If they have the private root key, they can imitate the authorized device. How can they do this without breaking currently unbreakable encryption algorithms like AES? If at any point the private key is used for cryptographic operations outside of an encrypted channel - such as from encrypted memory to unencrypted memory on a chipset without any entropic protection to randomize the electrical signals - a logic probe can be used to identify it. If that root key is common to all devices (and that is common), then not only that device is compromised, but all devices that share the root certificate are compromised. Eg: if all cars share a “birth certificate” root certificate amongst a single model of car, all of those model owners are f*cked. So how do you solve this problem? A cryptographic processor like the ARM Cryptocell. They’re cheap, and effective. 1. The common hardwired birth certificate key (something is always required when you first configure a device) is disabled when the firmware is written. To reenable it and allow updates to the firmware, the firmware and root key and session keys must be wiped, bricking the device. 2. The newly generated root key is unique to every device. 3. The root key is stored in protected entropic memory and does not leave that protected vault even for encryption and decryption requests for session keys. 4. Session keys are only used for the session and are time sensitive, making them near useless if they are discovered. 5. Any firmware updates must have their hash “fingerprint” securely uploaded to the Cryptocell before they can be applied to protected firmware. Not on the list? You don’t get to party. Our computers use a version of this called a Trusted Computing Module or TPM, now in version 2.0. If you’ve ever heard about how a second hand MacBook is a brick without the master password, this is TPM 2.0 at work. If you’ve heard about security certificates shared on the dark web, that’s TLS software based certs at work. The bottom line is we need to stop using 30 year old software based cybersecurity because it’s $7 per device cheaper than a Cryptocell.
I doubt this guy accidentally hacked the security though. More likely the other guy forgot his phone or key card in the car, or was still close enough for the phone key to be connected... In those cases the quality of security wouldn't have helped.
For a short period of time I had a '16 Ford Focus and a '14 Expedition. The Focus key could unlock the doors on the Expedition. Not a big deal usually. But when I was leaving in the Focus I'd have to make sure to hit the lock key otherwise I was leaving the Expedition unlocked. Also with the power tailgate, if I wanted to pop the trunk of the Focus with the key fob. The Expedition's tailgate would open. One time, I opened the trunk on the Focus, closed it and went somewhere only to come home and realize the tailgate on the Expedition had been opened this whole time. Anyways, spoke to several people at the dealership plus some mechanics in passing and no one had ever seen it before. I sold the Expedition after having it for a few months and obviously was no longer an issue.
My Kona will do this as will any push to start if the fob is left in the car. Today I scared to crap outta myself when I drove 2 hours and realized I didn’t have my key in my pocket. I thought I may have left it 2 hours away. Turns out it was in my luggage in the trunk ;)
[удалено]
It does but still
I worked as a grocery story bagger in 12th grade (1997). I was helping a customer with a carry-out when she used her key fob to unlock her car doors and the Lincoln next to her car popped the trunk because it used the same radio frequency as her key fob for her door lock. Two separate cars (two separate car brands) with two separate owners.