353
submitted 5 months ago by jeffw@lemmy.world to c/technology@lemmy.world
you are viewing a single comment's thread
view the rest of the comments
[-] Aurenkin@sh.itjust.works 31 points 5 months ago

If you have a Tesla and you're worried about this it's probably worth enabling pin to drive. Not sure about all the other brands that are impacted but hopefully they have a similar feature.

[-] partial_accumen@lemmy.world 13 points 5 months ago

Couldn't a Model 3/Y owner also just disable the phonekey and use the NFC cards? NFC only broadcasts a few inches right? I would think that would be VERY hard for a malicious actor to capture with relay/replay attack.

Following that, is it possible to use the Phonekey only in NFC mode or is it always broadcasting on Bluetooth LE and NFC?

[-] digdug@kbin.social 10 points 5 months ago* (last edited 5 months ago)

I just tried this a couple different ways:

  1. Removing permission for "nearby devices" - this unfortunately appears to block both Bluetooth and NFC permission
  2. Turning off the phone's Bluetooth - NFC still works while the Bluetooth radio is off, but you'd basically never be able to safely use Bluetooth anytime you aren't watching your car. Setting a PIN is still unfortunately the only way to go, and hope that a dedicated attacker doesn't also find a way to capture your PIN (e.g. camera zoomed in on your screen).
[-] partial_accumen@lemmy.world 3 points 5 months ago

So we'd need Tesla to push a software change in the app with an option to turn off the Bluetooth LE signal, but leave the NFC on to continue to use Phonekey safely.

I guess the only safe alternative is using the NFC cards.

this post was submitted on 23 May 2024
353 points (97.3% liked)

Technology

59414 readers
1430 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS