Secure your Tesla Model S!

Written on 26 October 2018, 10:45pm


Update 8 December 2018: Don’t buy a Tesla!

Even if it has wheels and wipers, your Model S is ultimately a computer. A very good looking one if you ask me, but, like any other computer, it can be pwned. Recent news shows an increased incidence of Model S thefts across Western Europe, and apparently the thieves are exploiting a vulnerability in the way the car communicates with the key fob:

Like most automotive keyless entry systems, Tesla Model S key fobs send an encrypted code, based on a secret cryptographic key, to a car’s radios to trigger it to unlock and disable its immobilizer, allowing the car’s engine to start. After nine months of on-and-off reverse engineering work, the KU Leuven team discovered in the summer of 2017 that the Tesla Model S keyless entry system, built by a manufacturer called Pektron, used only a weak 40-bit cipher to encrypt those key fob codes.

Wired: Hackers Can Steal a Tesla Model S in Seconds by Cloning Its Key Fob

Long story short, it only takes about $600-worth of equipment, a decent computer and less than 2 seconds to crack the 40-bit cipher. According to Wired, the vulnerability was responsibly disclosed in August 2017, and after about a year, Tesla reacted by addressing the root cause (upgrading the key fobs) in addition to implementing the PIN-to-drive feature. 
But this leaves a lot of room for the bad guys: there must be plenty of Model S cars manufactured before June 2018 and without PIN-to-drive enabled. So what should you do to secure your Tesla Model S and avoid a situation like this?

1. Disable passive entry

I don’t really like this option because you trade functionality for security. The passive entry is a nice feature and Tesla should make it work securely, by upgrading the key fobs. But until then, this is a solid option to improve the existing security posture.

2. Enable PIN-to-drive

Again, an option that gets the job done, but leaves massive room for improvement. There are two major inconveniences: first, you must type your PIN in an environment where you cannot properly hide your keyboard. Second, your fingers leave traces when typing, and unless you wipe the screen after every PIN entry, you are leaving a potential door open. This is simply not good enough, and I did not even mention how inconvenient it is to input your PIN every time you start your car.
Tesla can do better – how about FaceID-to-drive?

FaceID just proved how it can address most security concerns while providing a seamless user experience. With time, software and hardware updates, it will get even better, and we will see FaceID on other computing devices like tablets or laptops.
And from there it’s easy to imagine a keyless future. How long until you unlock your car by looking at it?

A post that I wrote back in November 2017: FaceID: convenience and security
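The smudge concern raised for PIN-to-drive above can be quantified. The following is an added example, not code from the original post or from Tesla; it assumes a 4-digit numeric PIN (the post does not state the length) and that every digit of the PIN leaves a visible trace on its key.

```python
from itertools import product
from math import comb

PIN_LENGTH = 4  # assumption: a 4-digit numeric PIN; the post does not state the length


def full_space(pin_length=PIN_LENGTH):
    """Number of possible PINs when nothing is known about the digits."""
    return 10 ** pin_length


def count_candidates(distinct_smudges, pin_length=PIN_LENGTH):
    """PINs that use every smudged key at least once and no other key.

    Inclusion-exclusion count of surjections from PIN positions onto smudged keys.
    """
    k = distinct_smudges
    if k < 1 or k > pin_length:
        return 0
    return sum((-1) ** i * comb(k, i) * (k - i) ** pin_length for i in range(k + 1))


def candidate_pins(smudged_keys, pin_length=PIN_LENGTH):
    """Enumerate the same set explicitly, as a cross-check on the formula."""
    keys = set(smudged_keys)
    return ["".join(p) for p in product(sorted(keys), repeat=pin_length)
            if set(p) == keys]


def summary(pin_length=PIN_LENGTH):
    """Rows of (distinct smudged keys, remaining candidates, share of full space)."""
    total = full_space(pin_length)
    return [(k, count_candidates(k, pin_length), count_candidates(k, pin_length) / total)
            for k in range(1, pin_length + 1)]


if __name__ == "__main__":
    sample = "137"  # constructed sample: traces visible on keys 1, 3 and 7
    assert len(candidate_pins(sample)) == count_candidates(len(set(sample)))
    print(f"clean screen: {full_space()} possible PINs")
    for k, n, share in summary():
        print(f"{k} smudged key(s): {n:>3} candidates ({share:.2%} of the space)")
```

Under these assumptions a PIN with one repeated digit leaves more candidates behind (36) than one with four distinct digits (24), but both are a tiny fraction of the 10,000 that a wiped screen preserves.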

3. Additional measures

  • If your car was produced before June 2018, contact Tesla to replace your key fob so that the communication between the car and the key fob is properly encrypted
  • Get a Faraday pouch if you would like to keep the Passive Entry active. Store your key inside the pouch when you’re not using the car, but make sure that you don’t leave the key inside the pouch inside the car 🙂 Oh, and get another pouch for the second key
  • Install a hidden GPS tracker on your car. This will help locate the stolen car even if the bad guys destroy the embedded connectivity module. Tesla won’t be able to remotely control your car, but, if you react quickly, you should be able to tell the police where it is
  • Just use common sense when parking your car. Would you park your nice car in a shady, cheap and isolated area?
  • Think defense-in-depth: implement not one, but more security measures to protect your asset 🙂

If you plan to buy a new Tesla, here is my referral code:

Tesla road trip 2018

Written on 1 September 2018, 11:53am


Here are a few notes on the road trip I recently took through Central Europe with my Tesla Model S 75D.

The route along with the superchargers data points
The trip segments – 2992 km in total
  • The Tesla Supercharger infrastructure is ready to support road trips through Central Europe (Belgium, Netherlands, Germany, Austria, Italy, Switzerland, France, Luxembourg)
  • Free supercharging is awesome 🙂
  • In order to avoid waiting times to pay road tolls, I highly recommend alternatives like this 
  • Trip segments longer than 2-2.5 hours are really difficult to manage for families with kids, which makes it perfect for stopping and re-charging
  • The Supercharger locations are really nice. Ranging from nice hotels to commercial centers, they completely change your long trip experience (no more crowded and dirty toilets in gas stations)
  • Supercharging is really fast. It happened several times that the car had to charge more than needed to continue because we were not ready
  • The Superchargers are conveniently located along the highway. 5 to 10 minutes is the average detour
  • The Superchargers are not clearly marked, and that’s one of the few annoying bits. The Tesla navigation brings you in front of the hotel / commercial center, but I only saw indication panels at a few locations. Maybe it’s on purpose, to keep non-EVs from occupying the space?
  • Still on negative points: the Arlon supercharger was marked as ‘Reduced capacity’, making it unclear if I should use it or not. Fortunately a phone call to the hotel cleared things up
  • Charging your car on top of the Grossglockner road is awesome
  • Seeing your range increase when you come down the mountain is satisfying
  • The luggage load does not have a big impact on the autonomy. But going 170km/h in Germany certainly does 😀
Charging at 2369 meters, on top of the road offering a view to the spectacular Grossglockner peak
After coming down the mountain – negative consumption for 42 kilometers!

Overall, I was really impressed with the trip. I had to spend more time planning, but I enjoyed a completely changed road trip experience, with smooth and silent driving and no range anxiety.
The future of transportation is here, and I am happy to be part of it!

Tuscany sunset

PS: In case you plan to order a Tesla, you can use my referral code … 

8 December 2018: scratch that. I cannot recommend buying a Tesla. Not for the moment at least.

Weekly links

Written on 5 October 2015, 02:43pm


Inaugurating a new post type – a collection of links to interesting articles/stories. Aimed to be updated weekly 🙂

“If a gravitational wave were to pass through you now, this ripple in spacetime would stretch you taller and thinner, then squash you shorter and fatter. The reason you wouldn’t notice is because your height would be altered by less than the width of a proton (a fraction of the size of an atom).”
Cosmos Magazine – Einstein’s gravitational waves remain elusive

Every picture ever made during the Apollo moon missions has been made available on Flickr through the Project Apollo Archive.
Washington Post – Over 9,000 Apollo moon mission pictures are now online

“All of these feature were built for one reason — a self driving future combined with an entire self-driving mobility platform. The Model X was built to be either the ultimate self-driving taxi, or the ultimate human/self-driving rental car — or both.”
Gavin Sheridan – Elon Musk’s sleight of hand