I thought that didn’t work anymore but maybe that’s just the paywall removal.
akwd169@sh.itjust.works
on 23 May 2024 20:41
collapse
Worked for me, I always use it on wired.com due to their paywall
Bishma@discuss.tchncs.de
on 23 May 2024 03:38
nextcollapse
Can the Twitter LLM explain the process?
Granite@kbin.social
on 23 May 2024 03:38
nextcollapse
The insurance industry will love this.
pivot_root@lemmy.world
on 23 May 2024 05:03
nextcollapse
Oh no, a more expensive subscription (for insurance) for a car that makes you already subscribe to be a beta tester of a technology that runs you into the side of a train!
CaptainPedantic@lemmy.world
on 23 May 2024 15:33
collapse
Why would they love this? More claims means they have to pay out more. Even if they’re assholes and don’t pay out, they still have to process and fight claims which costs money.
They’ll raise rates on Teslas higher to offset that and make more money in the process.
state_electrician@discuss.tchncs.de
on 23 May 2024 04:08
nextcollapse
What kind of tech do you need for this?
circuscritic@lemmy.ca
on 23 May 2024 04:44
nextcollapse
An appropriate SDR, or a prefab kit you can buy online.
Relay attacks on keyless systems are nothing new, plenty of documentation and articles you can use to read up on the specifics.
redcalcium@lemmy.institute
on 23 May 2024 07:17
collapse
People usually use flipper zero (banned in Canada) to play with these kind of stuff. Not sure if this exploit can be implemented in flipper zero though.
state_electrician@discuss.tchncs.de
on 23 May 2024 12:06
collapse
It cannot. I know the FlipperZero and it can’t do any relay stuff.
Aurenkin@sh.itjust.works
on 23 May 2024 04:34
nextcollapse
If you have a Tesla and you’re worried about this it’s probably worth enabling pin to drive. Not sure about all the other brands that are impacted but hopefully they have a similar feature.
partial_accumen@lemmy.world
on 23 May 2024 04:55
collapse
Couldn’t a Model 3/Y owner also just disable the phonekey and use the NFC cards? NFC only broadcasts a few inches right? I would think that would be VERY hard for a malicious actor to capture with relay/replay attack.
Following that, is it possible to use the Phonekey only in NFC mode or is it always broadcasting on Bluetooth LE and NFC?
Removing permission for "nearby devices" - this unfortunately appears to block both Bluetooth and NFC permission
Turning off the phone's Bluetooth - NFC still works while the Bluetooth radio is off, but you'd basically never be able to safely use Bluetooth anytime you aren't watching your car. Setting a PIN is still unfortunately the only way to go, and hope that a dedicated attacker doesn't also find a way to capture your PIN (e.g. camera zoomed in on your screen).
partial_accumen@lemmy.world
on 23 May 2024 13:18
collapse
So we’d need Tesla to push a software change in the app with an option to turn off the Bluetooth LE signal, but leave the NFC on to continue to use Phonekey safely.
I guess the only safe alternative is using the NFC cards.
As a Tesla owner I’m probably biased, but I do not fear these attacks at all. Thing is, because a Tesla is so connected to the mothership (and I definitely realise that’s both a good and a bad thing), chances of a thief actually being able to use or sell the vehicle are very slim. Tesla always knows where their cars are, and urning off GPS and LTE ruins 90% of the features in the car. I think thieves know this because I haven’t heard of any Tesla getting stolen and not being retrieved (but n=1).
RobotToaster@mander.xyz
on 23 May 2024 06:51
nextcollapse
It’s not uncommon for cars to be stolen and stripped for parts, it gets rid of the risk of trackers.
NeoNachtwaechter@lemmy.world
on 23 May 2024 06:57
nextcollapse
but I do not fear these attacks at all.
chances of a thief actually being able to use or sell the vehicle are very slim.
Dreamer. Even thieves know what they are doing.
Cars are actually stolen. Teslas are actually stolen. That’s no news.
The news is (once more) how Massa Elon was bragging about technology and didn’t deliver it.
darganon@lemmy.world
on 23 May 2024 12:08
nextcollapse
Teslas are at or very near the bottom of often stolen car lists, by a wide margin.
NeoNachtwaechter@lemmy.world
on 23 May 2024 12:32
nextcollapse
So? It’s not quite the point here, but it seems that even thieves got some taste.
circuscritic@lemmy.ca
on 23 May 2024 15:06
collapse
Now hear me out, do you think that might have something to do with their market share relative to ALL other cars on the road?
When a KIA gets stolen, the owner will likely get it back, although probably a lot more worse for wear.
Thieves using relay attacks are most likely part of, or connected to, professional auto theft groups e.g. chop shops, overseas car markets, etc.
darganon@lemmy.world
on 23 May 2024 18:27
collapse
No, because they normalize and have a relative metric.
The most stolen car is an SRT hellcat, which has a total production run well under Model 3 production in a single quarter.
I know! But Teslas are still connected to ‘Homebase’. I’m looking at it like Apple. Steal an iPhone? They’ll brick it remotely. This does scare thieves, one way or another. If there is a thief that is able to negate all the remote interception capabilities, sure… but the numbers of the people capable of that are low.
redcalcium@lemmy.institute
on 23 May 2024 07:12
nextcollapse
Used Tesla battery is actually in demand though. Is the exploit is accessible enough, eventually thieves would target it to sell the battery in the used market for electric car conversion kits, solar power storage kits, etc.
PlantObserver@lemmy.world
on 23 May 2024 17:53
nextcollapse
Put me on the waiting list, I’d buy a battery that’s been strategically re-located from some rich fucks car to my solar setup.
STEAL - Strategic Transfer of Equipment to Alternate Locations
TexMexBazooka@lemm.ee
on 25 May 2024 12:33
collapse
A fat electrician enjoyer I see
TexMexBazooka@lemm.ee
on 25 May 2024 12:33
collapse
You would have to chop up the whole car to get the battery out
napoleonsdumbcousin@feddit.de
on 23 May 2024 11:41
nextcollapse
urning off GPS and LTE ruins 90% of the features in the car.
The main purpose of a car is “driving”, which you can do.
Unless you cannot start a Tesla without LTE, which would be very stupid.
You can also always strip a car for parts. Teslas are not magically safe from that.
AbidanYre@lemmy.world
on 23 May 2024 17:52
collapse
The kind of person who is going to disable that LTE connection wouldn’t have bought a Tesla in the first place.
Maybe not if the car is bricked remotely - i don’t know because I didn’t steal one of course. From a tech perspective, it’s relatively easy.
nxdefiant@startrek.website
on 23 May 2024 13:59
nextcollapse
Enabling the PIN mitigates this issue entirely. Can’t drive it away if you don’t know the PIN, even if you have the physical key, fob, or phone.
Scolding7300@lemmy.world
on 23 May 2024 15:55
nextcollapse
Still sucks ifyou can get in
nxdefiant@startrek.website
on 24 May 2024 11:43
collapse
The “Brick through a widow” bug has been an active exploit since the Model T.
polygon6121@lemmy.world
on 24 May 2024 09:50
collapse
Where I am from It is very common that people break in and only steal the loose valuables inside the car. Not the car itself. If you don’t even have to crack a window i would imagine it is very enticing to do so and specialize in Teslas… with that said, I can’t magine Teslas are more prone to this and other brands. What makes Teslas a bigger target is that their fleet is large and use very similar components and tech. If you hack one, you can hack into alot of them.
ramble81@lemm.ee
on 24 May 2024 12:41
nextcollapse
Which is one of the perks of being a convertible owner. You keep the car clean of loose items, or the wind does it for you.
Right, a rock can get in any car and your pin doesn’t help, so one of your best safeguards is to not leave anything visible in the car
Copythis@lemmy.world
on 23 May 2024 14:59
collapse
One of my coworkers carries a flipper zero around and opens up every single Tesla gas door we see. He hasn’t tried it on the cybertruck yet, the ones I see are usually on the move.
MoonRaven@feddit.nl
on 23 May 2024 18:23
nextcollapse
Ah, good, then someone can charge the car for the owner…
whotookkarl@lemmy.world
on 23 May 2024 22:34
nextcollapse
My favorite so far has been spoofing amiibos on the switch for Zelda goodies
helenslunch@feddit.nl
on 09 Jul 2024 17:11
collapse
The charging door isn’t supposed to be secure. The Flipper is just replaying the signal from a Tesla charging handle, which can be found anywhere.
threaded - newest
Archive link plz
Here you go: archive.is
You can also just put the link into 12ft.io
I thought that didn’t work anymore but maybe that’s just the paywall removal.
Worked for me, I always use it on wired.com due to their paywall
Can the Twitter LLM explain the process?
The insurance industry will love this.
Oh no, a more expensive subscription (for insurance) for a car that makes you already subscribe to be a beta tester of a technology that runs you into the side of a train!
Why would they love this? More claims means they have to pay out more. Even if they’re assholes and don’t pay out, they still have to process and fight claims which costs money.
They’ll raise rates on Teslas higher to offset that and make more money in the process.
What kind of tech do you need for this?
An appropriate SDR, or a prefab kit you can buy online.
Relay attacks on keyless systems are nothing new, plenty of documentation and articles you can use to read up on the specifics.
People usually use flipper zero (banned in Canada) to play with these kind of stuff. Not sure if this exploit can be implemented in flipper zero though.
It cannot. I know the FlipperZero and it can’t do any relay stuff.
If you have a Tesla and you’re worried about this it’s probably worth enabling pin to drive. Not sure about all the other brands that are impacted but hopefully they have a similar feature.
Couldn’t a Model 3/Y owner also just disable the phonekey and use the NFC cards? NFC only broadcasts a few inches right? I would think that would be VERY hard for a malicious actor to capture with relay/replay attack.
Following that, is it possible to use the Phonekey only in NFC mode or is it always broadcasting on Bluetooth LE and NFC?
I just tried this a couple different ways:
So we’d need Tesla to push a software change in the app with an option to turn off the Bluetooth LE signal, but leave the NFC on to continue to use Phonekey safely.
I guess the only safe alternative is using the NFC cards.
As a Tesla owner I’m probably biased, but I do not fear these attacks at all. Thing is, because a Tesla is so connected to the mothership (and I definitely realise that’s both a good and a bad thing), chances of a thief actually being able to use or sell the vehicle are very slim. Tesla always knows where their cars are, and urning off GPS and LTE ruins 90% of the features in the car. I think thieves know this because I haven’t heard of any Tesla getting stolen and not being retrieved (but n=1).
It’s not uncommon for cars to be stolen and stripped for parts, it gets rid of the risk of trackers.
Dreamer. Even thieves know what they are doing.
Cars are actually stolen. Teslas are actually stolen. That’s no news.
The news is (once more) how Massa Elon was bragging about technology and didn’t deliver it.
Teslas are at or very near the bottom of often stolen car lists, by a wide margin.
So? It’s not quite the point here, but it seems that even thieves got some taste.
Now hear me out, do you think that might have something to do with their market share relative to ALL other cars on the road?
When a KIA gets stolen, the owner will likely get it back, although probably a lot more worse for wear.
Thieves using relay attacks are most likely part of, or connected to, professional auto theft groups e.g. chop shops, overseas car markets, etc.
No, because they normalize and have a relative metric.
The most stolen car is an SRT hellcat, which has a total production run well under Model 3 production in a single quarter.
I know! But Teslas are still connected to ‘Homebase’. I’m looking at it like Apple. Steal an iPhone? They’ll brick it remotely. This does scare thieves, one way or another. If there is a thief that is able to negate all the remote interception capabilities, sure… but the numbers of the people capable of that are low.
Used Tesla battery is actually in demand though. Is the exploit is accessible enough, eventually thieves would target it to sell the battery in the used market for electric car conversion kits, solar power storage kits, etc.
Put me on the waiting list, I’d buy a battery that’s been strategically re-located from some rich fucks car to my solar setup.
STEAL - Strategic Transfer of Equipment to Alternate Locations
A fat electrician enjoyer I see
You would have to chop up the whole car to get the battery out
The main purpose of a car is “driving”, which you can do. Unless you cannot start a Tesla without LTE, which would be very stupid.
You can also always strip a car for parts. Teslas are not magically safe from that.
The kind of person who is going to disable that LTE connection wouldn’t have bought a Tesla in the first place.
You’re renting it?
can it still… ya know, move like a car does?
Maybe not if the car is bricked remotely - i don’t know because I didn’t steal one of course. From a tech perspective, it’s relatively easy.
Enabling the PIN mitigates this issue entirely. Can’t drive it away if you don’t know the PIN, even if you have the physical key, fob, or phone.
Still sucks ifyou can get in
The “Brick through a widow” bug has been an active exploit since the Model T.
Where I am from It is very common that people break in and only steal the loose valuables inside the car. Not the car itself. If you don’t even have to crack a window i would imagine it is very enticing to do so and specialize in Teslas… with that said, I can’t magine Teslas are more prone to this and other brands. What makes Teslas a bigger target is that their fleet is large and use very similar components and tech. If you hack one, you can hack into alot of them.
Which is one of the perks of being a convertible owner. You keep the car clean of loose items, or the wind does it for you.
Right, a rock can get in any car and your pin doesn’t help, so one of your best safeguards is to not leave anything visible in the car
One of my coworkers carries a flipper zero around and opens up every single Tesla gas door we see. He hasn’t tried it on the cybertruck yet, the ones I see are usually on the move.
Ah, good, then someone can charge the car for the owner…
My favorite so far has been spoofing amiibos on the switch for Zelda goodies
The charging door isn’t supposed to be secure. The Flipper is just replaying the signal from a Tesla charging handle, which can be found anywhere.