
Hackers Can Steal a Tesla Model S in Seconds by Cloning Its Key Fob - okket
https://www.wired.com/story/hackers-steal-tesla-model-s-seconds-key-fob/
======
metabrew
If you have to click the key fob (the default) to unlock the car, you are safe
from this attack, and don't have to upgrade your keyfobs.

A firmware update deactivated the touchless entry feature and warned about
this ages ago.

------
thecopy
What would be the reasons one would chose a 40 bit encryption key over, say,
256 bit? Is it cheaper?

~~~
yayana
40 bit only stayed on the market because of US export control. It is
convenient to not have to know arbitrary details about your customers, not
have to NDA all your docs, and not risk fines and an inability to export your
product.

------
BurnGpuBurn
>But if owners of a Model S ... don't pay to replace their key fob with the
more strongly encrypted version—the researchers say they're still vulnerable
to their key-cloning method.

Great customer service. I would never buy from Tesla.

"Hey, that great car you bought from us, well err.. It kinda has a very bad
lock. We opted to let you find that out on your own first, and now that you
did, please pay this bill I'm shoving in your face so we can have more money.
Then we'll fix it. Oh, and in the very unlikely _cough_ case that our new lock
also gets hacked, be prepared to give us some more money. Because you know,
your car is more like a subscription to a service, not something you own that
has things like guarantees or a warranty."

~~~
seriousaccount
You mean in contrast to all the other car manufacturers that are also
vulnerable and don't hand out new keys? Audi, BMW, Ford, Nissan, Mazda,
Mercedes... Haven't read about a lot of manufacturers giving customers
new/updated keys TBH

