• @Aurenkin
    link
    English
    3424 days ago

    If you have a Tesla and you’re worried about this it’s probably worth enabling pin to drive. Not sure about all the other brands that are impacted but hopefully they have a similar feature.

    • partial_accumen
      link
      fedilink
      English
      1524 days ago

      Couldn’t a Model 3/Y owner also just disable the phonekey and use the NFC cards? NFC only broadcasts a few inches right? I would think that would be VERY hard for a malicious actor to capture with relay/replay attack.

      Following that, is it possible to use the Phonekey only in NFC mode or is it always broadcasting on Bluetooth LE and NFC?

      • digdug
        link
        fedilink
        11
        edit-2
        24 days ago

        I just tried this a couple different ways:

        1. Removing permission for “nearby devices” - this unfortunately appears to block both Bluetooth and NFC permission
        2. Turning off the phone’s Bluetooth - NFC still works while the Bluetooth radio is off, but you’d basically never be able to safely use Bluetooth anytime you aren’t watching your car. Setting a PIN is still unfortunately the only way to go, and hope that a dedicated attacker doesn’t also find a way to capture your PIN (e.g. camera zoomed in on your screen).
        • partial_accumen
          link
          fedilink
          English
          324 days ago

          So we’d need Tesla to push a software change in the app with an option to turn off the Bluetooth LE signal, but leave the NFC on to continue to use Phonekey safely.

          I guess the only safe alternative is using the NFC cards.