FOB to Mitigate Relay Attacks

Now Implemented!

Description

Any car can be stolen. But with wireless keys, the signal can be relayed so it seems the keyfob is closer to the car than it actually is.

Such replay attacks are hurting Model S & X customers even if their cars aren’t stolen because of increased insurance costs or reduced convenience because we now have to turn off Passive entry or enable “PIN to drive”. And in the Netherlands, cars are actually stolen for parts (e.g. 9 in just a few months last year).

One FOB solution might have a 3-axis accelerometer or another form of on-body detection that generates the passive entry signal only if they key is carried/moved towards the car. This way, a key that’s “too passive” (sitting in a coat or bag in a wardrobe near the door), will not open the car when this is relayed closer to the car.

Competitive/Pricing/Notes

I’m aware of at least BMW using this in their keyfobs. Additional benefit is that keys could last longer because they don’t periodically have to pulse radio signals if the key is sitting still. The IMU (inertial measurement unit) could also be used to enable additional gestures, like double knocking on the key to (for instance) open the trunk. This would be easier to “trigger” than pressing the right button, you’d have to hold the key for that.

Status

In June 2018 Tesla started shipping an improved FOB for the Model S that reduces the chance of this type of attack working. Upgraded FOBs can be purchased for all older Model S cars. The Model X already has additional protections.