I’ve never really been all that crazy about proximity keys, for a lot of reasons, but just in case you’re looking for another reason to not give up physical keys turning in mechanical locks, maybe this little video of a Tesla apparently being stolen by a guy holding a wire over his head and his pal will change your mind.
The video was shot from the Ring doorbell camera of a home in Borehamwood, a town near London. You can see one of the thieves raising his arms, not in a metaphorical attempt to raise the roof, joyfully, but rather to get a length of wire in a position where it can function as an antenna for the key fob relay unit that is, presumably, in that pouch on his chest.
That was quick, right?
Here’s what was happening there: one guy heads next to the Tesla, while the other approaches the house the antenna-wire aloft. Somewhere inside the house, likely fairly near the door, the Tesla’s key fob is broadcasting a proximity signal.
Normally, when the fob is in the owner’s pocket, this signal is “heard” by the car, which lets it know that its master approaches, key in hand or pocket or purse, so the car unlocks itself and prepares to be driven.
Here, though, the car is fooled by having that fob signal detected with the antenna-wire, connected to a transceiver, which rebroadcasts the signal to the partner by the car, who has a receiver that takes the signal from the fob, via the transceiver, copies it, and broadcasts it to the car, which is fooled into thinking the actual key fob is close. This is known as a Signal Amplification Relay Attack (SARA).
It’s sort of like getting into a secret club by eavesdropping the password through a door, then yelling that password to your friend by the club, who tells it to the bouncer.
It should be mentioned this attack is not unique to Teslas; most cars with proximity keys are at least somewhat vulnerable to these sorts of attacks.
We reached out to Tesla for comment, and were told that via enhancements like PIN to Drive, cryptographic verification and Sentry Mode, Teslas are difficult, at best, to steal, and that Tesla wants to give customers flexibility to find what combination of security features works best for them.
If you don’t want this to happen to you, for some reason, you could keep your fob wrapped in tinfoil, like a leftover hoagie, or a faraday cage, like an electronic leftover hoagie, or you could set up your Tesla to use an extra layer of security, like the PIN to Drive feature.
With PIN to Drive, you have to enter a four-digit code before you can drive, which makes it sort of like all those old Fords and Lincolns with numeric keypads I’ve never seen anyone use, and all of this seems like a much bigger ass-pain than putting a damn key into a hole and twisting.