
Locked Tesla stolen in 30 seconds in London with fob relay trick - kjhughes
https://www.businessinsider.com/locked-tesla-stolen-30-seconds-london-signal-relay-2019-8
======
matt-attack
This attack against key fobs has been around for years. The recommendation is
to keep your keys in a metal container (faraday cafe) when at home. Or at
best, not on a hook right by your front door.

~~~
cwilkes
With my car the fob has to be within 2 feet to unlock the door. At first I
thought this was due to using low power transmitters, now I see it as an
unintended security feature.

~~~
zaroth
The attack uses a directional antenna and a signal booster / relay, so it
works against short-range fobs.

~~~
tinus_hn
They could use timing to limit the distance due to the laws of physics but
it’s difficult.

~~~
ryacko
They could use rangefinding to limit the distance without dealing with precise
timers.

~~~
tinus_hn
How does rangefinding work?

~~~
foxyv
Most short distance rangefinders use an interferometer. You send a
radar/laser/sound wave at a target and compare it against a reference. You
measure the displacement in the phase angle of the beam bounced off the target
to determine distance. You can get insane precision using short wavelengths.

The most common long range rangefinders use nanosecond timers to measure the
delay between a pulse and a response. At 100 meters, a laser beam will take
666ns to bounce off a target, 200 meters will take 1300ns etc... The precision
of this method is a lot less because of confounding factors like the precision
of your timing device, refraction, etc... Data will be encoded into the laser
pulses similar to a GPS signal to reduce issues with cross talk between
rangefinders and jamming. These measurements are confounded by the huge speed
of light. A 1 nanosecond mis-timing will result in 0.3 meters loss of
precision.

A triangulating range finder (Usually a LIDAR) will further refine the above
measurement by positioning sensors a distance apart to make medium distance
sensing more accurate. This allows LIDAR scanners to increase their precision
down into the millimeter range.

------
smileypete
Needs some '2FA', like actually putting the key in the ignition. :)

Or a tiny motion sensor in the key, if it's still then don't authenticate.

[Edit:] Suitable sensor, 2012 technology!
[https://www.eetimes.com/document.asp?doc_id=1317349#](https://www.eetimes.com/document.asp?doc_id=1317349#)

~~~
693471
There is 2FA, they just didn't enable it. There's a PIN to drive feature where
you have to put a pin number in on the main touchscreen. It also moves to a
different location each time so nobody can look at fingerprints.

~~~
zaroth
I’ve never used the PIN, that is awesome that it shifts around!

Does the order of the digits shuffle, or does the whole UI element move, or
both?

~~~
693471
Whole UI element moves

