Using finger prints to open and start a Tesla/Tesla Remote App

Using finger prints to open and start a Tesla/Tesla Remote App

Update (03/21/2017)

I love the comments! Lot's of brainstorming! Elements will be a issue, yet we still manage to find our way to the door handle right?! ;) I just learned about Mazda & Tesla (user made 'Remote S" & Tesla Motors) having an App to start your car remotely, that was my my other idea. An App that let's you control your car remotely. I agree with the App not being able to be primary, but if we could make an iris scanner or finger printer primary, "would be pro" ... I'm still doing research, keep em coming!!

This is an idea that I cannot shake! I'm curious if anyone else is interested in this. No more keys, no one stealing your car or locking yourself out. What do you think as Tesla owners? Is this something you would try?

Friend, Software Engineer @Valeo, worked on project for Tesla involving sensors

First question he asked me: if you finger print, how do you share? family or friends?

A: How do you share a computer? You create them a profile.

Friend: this'll only work if Tesla doesn't plan on anyone fixing their cars but a Tesla garage
and that also means anyone there has access to a master key

A: You can set it up. It's a computer. The owner can tell the car it's at a garage. You don't need a master key.


jordanrichard | 20. maaliskuu 2017

Are you talking about a fingerprint reader physically on the car? If so, how well is this going to work when the car is covered in ice?

Presently if one has an I-Phone 5 or newer, via the Tesla app you can unlock/start the car via your fingerprint.

RGH | 20. maaliskuu 2017

Interesting idea but not for me. I can think of many reasons I would use it ONLY as an ADDITIONAL means to unlock the car, not as a primary method. For one, I would not want to take off my gloves in freezing weather to grab a cold metal door handle and wait for it to identify my fingerprint.

carlk | 20. maaliskuu 2017

I'd rather to give carjacker my fob instead of my finger.

tedirelan | 20. maaliskuu 2017

People can get into cars without keys, into houses without keys, into banks without pass codes. They can start cars without keys. If people really want to take your stuff, the lack of entry to do so is irrelevant. I think a fingerprint scanner would be cool. The case for ice being over it would be the same as the keyhole being iced over when there weren't fobs, scrap away the ice (gently with your hand if you have to).

PV_Dave @US-PA | 20. maaliskuu 2017

Fingerprint is a weak form of biometric, which is probably part of why Apple is rumored to be switching to Iris. Iris scans are pretty strong, while near-IR face recognition implemented properly is harder still to spoof.

Key fobs make a pretty reasonable primary, and in theory we already have the ability to use touch ID on the iPhone as an alternate way to start the car when Internet is available. Not that I've had good luck using that feature lately...

bigd | 20. maaliskuu 2017

carlk "I'd rather to give carjacker my fob instead of my finger." love it when you can make a good point and be funny +1

Frank99 | 20. maaliskuu 2017

I love the idea. I unlock my PC with a fingerprint sensor, I unlock my phone with a fingerprint sensor. I'd love to unlock my car with a fingerprint sensor. I'm willing to settle for using the fingerprint sensor in my phone as a second factor to unlock my car.

No, I'm not worried about someone spoofing the fingerprint sensor. I've built fingerprint spoofs - remarkably difficult, especially for lifted prints.

RGH | 20. maaliskuu 2017

Hmmmm, if someone gives me the middle finger out on the road, maybe I consider they are just trying to take over my car ;-)

Frank99 | 20. maaliskuu 2017

I drove a Miata for several years. Never put the top up. Hated it when I drove my wife's Accord, 'cause I always ended up with a sprained finger.

Billc | 21. maaliskuu 2017

I'd definitely go for fingerprint access and starting with ability to add family members. Only issue I can see would be snow, dirt, etc on sensor.

rlwrw | 21. maaliskuu 2017

"Mythbusters" found it pretty easy to spoof a fingerprint reader.
Besides, the comparing file within the device can be hacked and cloned.
Time to get new fingerprints, iris patterns, etc.?

Frank99 | 21. maaliskuu 2017

rlwrw -
Mythbusters used amodel of Optical fingerprint sensor that was ancient when the show was filmed 10 years ago. Will you take my word for it that technology has advanced since then? You really should.

Modern fingerprint sensors are far better than what they tested. They aren't perfect, and some spoof materials are very difficult to differentiate from a real finger, but they're pretty danged good. When Phones started using them to authenticate financial transactions, the focus on security (from a software standpoint as well as a measurement standpoint) has gotten a lot better.

I have a standing challenge. Anybody who wants can borrow my phone, and if they can build and wield a spoof sufficiently well to get in, I'll give them $100. Wanna play?

jordanrichard | 22. maaliskuu 2017

Well, since the newer Tesla's have cameras in the B-pillars, how about facial recognition?

Frank99 | 22. maaliskuu 2017

Facial recognition is good - but it has problems when lighting changes. The shadowing difference between morning with full sun in your face, noon with full sun overhead, late afternoon with full sun coming from the side, night time, clouds, etc., plays havoc with being able to recognize the owner. That is perhaps the main reason that laptops and cell phones don't use it - they already have the cameras so it would be cheaper but it just isn't reliable enough.

That doesn't mean it won't be used; there's a lot of work being done to use facial recognition to "maintain" your authentication. You'd use a password, a fingerprint sensor, or whatever to initially log in to (for example) your laptop at work, and the system would constantly monitor your face, adjusting to lighting/face angle/etc. It doesn't have to be as accurate, all it has to be able to do is say "Yup, the person who logged in this morning looks like they're still there". If you leave your chair and someone else sits down, the system can quickly say "Nope, not the same person" and jump back to the login screen.

PV_Dave @US-PA | 22. maaliskuu 2017

There are many kinds of fingerprint readers now. Some are easy to spoof, some are more challenging. All can be beaten by a determined and skilled adversary, but we're talking about a car, not the door to a nuclear plant. If the three letter agencies want your car, they're going to just tow it away, rather than trying to spoof your fingerprint.

Facial recognition similarly comes in two main flavors: visible light and near-infrared. Visible light face recognition is pretty unreliable for authentication, mostly due to the lighting impact @Frank99 mentioned above, but also because some of the current implementations on the market doesn't adequately handle liveness testing, i.e. it will authenticate to a photograph of you as if it was you. Near-IR face recognition, properly implemented, is the best biometric authentication available, but there aren't that many good implementations yet, and you need a near-IR camera for it. And even near-IR face recognition has challenges if the sensor is in full sun, which is pretty common for cars.

Me, I like my FOB. Though I do wish the phone app could securely authenticate and control over bluetooth when the Internet connection isn't reachable.

PV_Dave @US-PA | 22. maaliskuu 2017

"some of the current implementations on the market *don't* adequately handle liveness testing". Alas, forgot to proof read between editing and posting...

Frank99 | 22. maaliskuu 2017

You seem quite knowledgeable, Dave. So where does your knowledge come from? I'm currently doing ASIC architecture for a well-known fingerprint manufacturer.

PV_Dave @US-PA | 23. maaliskuu 2017

I did a good bit of work in the physical security industry last year, including wandering around the ISC West floor doing research for one of the biometric manufacturers. I found it amusing that the fingerprint solutions getting the most attention were generally "touchless", which of course tends to be the easiest to spoof. It's also interesting how far behind some of the vendors are in IT security for their physical security products. One vendor we did penetration testing on left holes big enough to drive a jumbo jet through... in a shipping product. Ouch.

Sefar | 23. maaliskuu 2017

IN the meantime, if you have a samsung phone (maybe others with a fingerprint sensor) you may want to look at lastpass. It opens my apps with fingerprint recognition. And Samsung Pass promises the same thing on samsung phones. When the new 8 line comes out and iris scanning is returned, I am hopeful it will be better than it was on the Note 7.

Frank99 | 23. maaliskuu 2017

Not a market we're in. If you don't want to buy at least a million parts, we don't want to talk to you - and the physical security industry isn't there. We do have a couple of parts that that industry would probably love to have, especially from a security perspective, and the one I'm working on now would make them salivate, but alas it's not to be for them.
A funny story - we have a line of products in a completely different field. A colleague of mine tells of being approached by Tesla way back in the mists of time (pre-Model S) to buy some of that product - and we sent them away because we simply weren't capable of supporting our product in such a small undreds-of-units a year boutique manufacturer. Now that colleague (and several others) owns a Model S, and it bugs him every time he gets in the car and has to use a competitors product in it.

Frank99 | 23. maaliskuu 2017

Sefar -
Yep, I use LastPass on my phone, my laptop,, my home computer, because of the fingerprint integration. I like using a product I built (the fingerprint sensor in the phone and laptop).
I pay for the Premium version of LastPass (don't have to any more, but I like them enough to send them $12 / year) so that all of my computers share the same password vault. Remarkably convenient, if not perfect in implementation, and secure enough for my needs.

PV_Dave @US-PA | 23. maaliskuu 2017

Yeah, well some of you guys might do well to Google "lastpass vulnerability 2017".

Personally, I use 1Password, which also controls passwords with fingerprint, at least on mobile. They've had some bugs, too, but from my understanding not quite as severe...

PV_Dave @US-PA | 23. maaliskuu 2017

@Frank99: Yes, the physical security industry is a smaller pond than most people realize. No shortage of big box garbage which any fool can bump or pick, but once you take that out, the remaining market is surprisingly small. And don't get me started on what passes for "smart locks".

sosmerc | 23. maaliskuu 2017

I suppose it could be setup so that you have to convince the car through reciting various phrases that it is you and MAYBE then it would let you in. But if you have a bad cold or have been drinking too much you may be outa luck :)....