Forums

Update this Morning - 4-digit Code Enabling Car Function

Update this Morning - 4-digit Code Enabling Car Function

So I get an update this morning, with option to add four digit number code to be filled in before my Model X will drive, and think to myself what a small potatoes upgrade, and ask myself why would I wish to do that. After testing the option, I turned it off. Then later at coffee shop I read an article in the news about a $200 tools investment a thief needs to make to gain the ability to clone my key-fob and drive away my Tesla. So the about hundred thousand dollar question is: why does Tesla not explain same in the upgrade note, that one really does need to enable the number, that in fact it probably shouldn't be optional??? Happy enough over alll...feel lucky to have a completed 3 in delivery status, coming to keep the X company. (James for Lucinda and James).

greg | September 11, 2018

Tesla updated the key fobs encryption to make them more immune to the method the hackers were using.

So at worst, only cars using older fobs (and on board software) would need it not every Tesla ever made.
Apparently the older fobs only used 40 bit! encryption. An absolute joke level of encryption.

Tesla knew of this issue earlier this year because the researchers who perfected it informed them about it before making it public under Tesla's bug bounty program.

I am sure the issue is one that does explain how come all those Tesla's in Europe managed to be stolen a year or more back - while the owner was nearby in their house.

EVRider | September 11, 2018

Most people would not want to have to always enter a PIN to drive the car, which is why it will always be optional.

lucindaabbe | September 11, 2018

Greg & EVRider:

Greg thank you for clarification, as I take some comfort in the knowing there is a limit to the applicability of the need for code. That said, as the owner of a 2+ year Model X it seems important to know from Tesla that all owners for whom it should NOT be an option were alerted. Then I'd be happy to join in with EVRider's most people that would not be using PIN. Appreciatively, James, for James and Lucinda

ulrichard | September 11, 2018

Unfortunately the story doesn't end there. At the bottom of the pin entry there is a message: If you forgot your pin, you can also unlock the car with your Tesla account. The Tesla account has always had weak security with only a password. And as if that was not bad anough, Account recovery is even worse. Anybody can click a button to send a new password unencrypted to your eMail account. So everybody who can manage to read your eMails can steal your car regardless of the pin protection.

222 | September 11, 2018

Interesting. I wouldnt mind a pin to drive (it might even drop insurance premiums) but you guys are correct about bypassing it sounds easy

lucindaabbe | September 12, 2018

Hi ulrichard,, I'm really like two-step authentication, where my cell phone gets...wait for it...a four letter code to verify that I'm me. One could not use same if out of cellphone range, so it'd be important that one's Tesla code was not forgettable for some reason, and tested for usability before driving out of cell phone range. James

JustSaying | September 12, 2018

As I understand it all cars made after June 2018 got the new FOB.
Tesla welcomes registered "white hat Hackers" to try to hack a registered Hackers' car to try to defeat the Tesla systems (without fear of prosecution). Tesla just ask for a reasonable period of time, after they are notified, to make a fix before the "white hat hackers" release the weakness into.

jordanrichard | September 12, 2018

You guys do realize that this ghosting of FOBs affects ANY car that has Push Start/Stop. Tesla however is the ONLY company that I am aware of has come up with a fix.

jordanrichard | September 12, 2018

Also, to use your account information, a thief would need to know both your email and password.

HEBakerIII | September 13, 2018

I brought my new Model 3 home last week. The next day my iPhone stopped working for access. I called Tesla and was told this was normal and that it should start working within 72 hours. “By Tuesday,” he said. That was last Tuesday. Today is Thursday and it still does not work. I’ve restarted the phone. Deleted the ap. Downloaded it and entered password, etc. Anyone know what’s happening? Thanks.

ulrichard | September 14, 2018

@jordanrichard
How do you protect that information from malware?
Enter the following into your favorite search engine: "percent of devices infected malware"
I just don't enter it on any device that is not primarily running binaries from reproducible builds.

jordanrichard | September 14, 2018

Ok, how do stop these would be thieves who apparently know your every move, from just peering through the window and seeing what your PIN is.......? Let's just take this one more step towards extreme improbability. How do you prevent the thieves from coming up to you at gun point and demand you tell them the PIN....?

esben.callin | September 16, 2018

Interesting. but you guys are correct about bypassing it sounds easy

esben.callin | September 17, 2018

Interesting. but you guys are correct about bypassing it sounds easy

Whatsapp messenger hotstar

ulrichard | September 21, 2018

I wonder how many owners use gMail for their Tesla account...
https://www.telegraph.co.uk/technology/2018/09/20/google-admits-hundreds...

jimglas | December 3, 2019

bot magnet
flagged