PIN code not that secure?

edited November -1 in Model S
It seems to me the level of security of the PIN code keyboard could be further increased.


The keypad position and layout are always the same at each startup, so by observing fingerprints on the screen surface it could be quite easy to locate the figures which are used the most.
A stubborn person could then try all the combinations with these figures (there are 256 of them) before finding the correct one.

I would suggest shuffling the figures on the keypad at each startup.

Comments

  • edited September 2018
    That’s only true if your screen is pristine the first time you use the pin code and don’t touch the screen after.

    My screen has lots of fingerprints on it so it would be impossible to know what was a pin press and what wasn’t.
  • edited November -1
    Even if it's the only prints on your screen, they would have to try 5040 combinations to get it right.

    There is no reason to change it.
  • edited September 2018
    Does it not block attempts after too many tries?
  • edited November -1
    Don't get your math, Silver. If you know the 4 digits from the fingerprint marks, there are 24 combinations (4!).

    Agree that the PIN screen should come up in random positions on the screen.
  • edited September 2018
    made a booboo.. 24 is correct. :)
  • edited November -1
    and calm down barry! I don't want to have to pull out my rivet gun and...… oh nvm, it's a tesla rivet gun and it's empty :(
  • edited September 2018
    24 is not correct, you are forgetting numbers where figures are repeated, so it is not 4! but 4^4.
  • edited September 2018
    What's all the yelling about after a number? Like 4 ! :-)
  • edited September 2018
    Rx - 4! is what's yelled on the golf course.
  • edited September 2018
    I'm guessing the OP has a RFID-blocking wallet. Just seems like the type.
  • edited September 2018
    My wife carries a RFID-blocking sleeve for her license. I lock eyes with the rep she hands her license to when asked for it and we break out into laughter. My wife's response "what? You never know!". So we just laugh even harder.

    :)
  • edited September 2018
    Honestly, the numbers don't need to change order or anything. The keypad should just come up in a random position on the screen. It isn't hard to do that.
  • edited September 2018
    Leave fingerprints all over the screen.
  • edited September 2018
    With a 4 digit pin, there are 24 possible combinations if the 4 digits in use are known. Even if you move the keypad, it's likely the 4 digits could be determined by smudge pattern, since it would be repeated, possibly in areas of the screen not normally pressed. I'd prefer randomizing the digits presented.

    Another route is to use the owner's phone pairing as the second factor. While Bluetooth is weak, it's certainly stronger than the fob+guessable 4-pin. However, it assumes a non-dead phone, which may be an undue burden.

    I suspect that the issue here is that as Tesla vehicles and power systems become exported to more and more places around the globe, Tesla becomes more susceptible to export controls regarding encryption, especially where hardware (fobs) become involved. The concept of two-factor authentication is noble, but not if both factors are easily defeated. Tesla should really be replacing the fobs.

    Additionally, placing the car in Valet mode defeats the current two-factor. Even though the four-digit PIN is required to place the car into Valet mode, the car while in Valet mode is susceptible to the original weak fob encryption issue, as well as having the weak fob likely exposed to attack. A susceptible Tesla Model S at a restaurant could be quite vulnerable. I would like to see the Tesla app provide movement alerts when the car is in valet mode.
  • edited September 2018
    Yes, we need a 32-digit PIN. Should eliminate any way for criminals to use CSI methods to steal the car. Of course it also means it will take 5 minutes to start the car, but as long as I keep a postit note on the dash with the PIN number, it shouldn't take too much effort. Better to have a three-factor method, where it calls your home phone, cell phone and requires the PIN. You really cannot be too careful even if it takes 30 minutes to get in and go.

    Then again you could just deal with insurance considering Tesla is one of the least stolen vehicles in the USA. There is no known theft worldwide that has bypassed/guessed the 4-digit pin either.
  • edited September 2018
    TT, that postit note will blow off the dash and out the window at 160 mph. So, send me your 32-digit pin and I will make you a sticker with my labelmaker that you can stick on the back window. So do I print it forward for when you turn your head, or print it backward and you will read it from the rear view mirror?
  • edited September 2018
    @akikiki - Very kind of you. How about reverse in 24pt type? Considered legally blind, so large fonts help. Now if I can just get those road signs in large fonts. I'll complain at my next driver's test in 15 years or so.
  • SOSO
    edited September 2018
    Usually a thief is in a hurry. After a few tries, they would probably give up and leave.
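
The figures disputed in this thread (5040, 4^4 = 256, 4! = 24) count different things; the sketch below, an added example that is not part of any post, enumerates the 4-digit PINs consistent with a given set of smudged keys and simulates which screen positions get pressed with a fixed versus a shuffled keypad. The key order `1234567890`, the PIN `1379` and the seed are constructed assumptions, not Tesla's actual layout or code.

```python
import random
from itertools import product
from math import perm

PIN_LEN = 4
FIXED_LAYOUT = "1234567890"  # assumed key order: position i shows FIXED_LAYOUT[i]

def pins_matching_smudges(smudged_digits, length=PIN_LEN):
    """PINs that press every smudged key at least once and no other key."""
    keys = set(smudged_digits)
    return ["".join(p) for p in product(sorted(keys), repeat=length)
            if set(p) == keys]

def candidates_by_smudge_count(length=PIN_LEN):
    """Search-space size when 1..length distinct keys carry smudges."""
    return {k: len(pins_matching_smudges(FIXED_LAYOUT[:k], length))
            for k in range(1, length + 1)}

def touched_positions(pin, startups, shuffle, rng):
    """Screen positions pressed over `startups` PIN entries."""
    touched = set()
    for _ in range(startups):
        layout = list(FIXED_LAYOUT)
        if shuffle:
            rng.shuffle(layout)  # new digit order at each startup
        touched.update(layout.index(d) for d in pin)
    return touched

if __name__ == "__main__":
    # 5040: ordered picks of 4 distinct digits out of all 10 (digits unknown).
    # 256:  any 4-press sequence over 4 known keys, including sequences that
    #       skip a smudged key.
    # 24:   sequences that press each of the 4 smudged keys exactly once.
    print(perm(10, 4), 4 ** 4, len(pins_matching_smudges("1379")))
    # Fewer than 4 smudged keys means a repeated digit in the PIN.
    print("candidates by distinct smudged keys:", candidates_by_smudge_count())
    rng = random.Random(0)  # constructed seed, for a repeatable run
    print("fixed   :", sorted(touched_positions("1379", 200, False, rng)))
    print("shuffled:", sorted(touched_positions("1379", 200, True, rng)))
```

With the fixed layout the same four positions are pressed at every startup, while with per-startup shuffling the presses spread over all ten positions and no longer identify the digits.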