It's a feature
The removable steering wheel is for security - just take it with you when you park
The first keys and locks appeared some 6,000 years ago and continue to work well. We use them to secure our homes and cars among many other things valued by us. But Big Tech – ever in search of solutions without problems – disdains anything that doesn't have a microchip in it. Apple, for example, thinks it would be wicked cool …
But that's exactly the situation on my Audi. It is a smart key that lets me just open the door and it will automatically unlock if the key is within a few feet of the door, but in case the battery dies there is a key hidden inside that can be slipped out to unlock the door.
Not sure how that key allows starting the car but I assume that's doable as well.
I'm afraid you'll have to do something unusual: read the manual :).
For models with keyless start (i.e. a start/stop button), there is a place where you have to place the key so its RFID circuit can be picked up by the car, usually somewhere in the middle console. Once you've done that you will find it will start.
You also need that location to resync the key in case it has lost battery power for too long, so worth looking up before you need it :).
A slot for a keyless key might have saved a former colleague of mine a right PITA. She'd spent the weekend camping, packed up, driven off, then some time later stopped for coffee. Returning to her car, she realised she didn't have her car key. It must have fallen out of her bag near her car, allowing her to start the car and drive off. She called the campsite but it had been a popular event and lots of cars had exited the car park since and the keys were not visible. So she needed recovery, and a replacement key,... all because you can start the car without knowing exactly where your key is. Not a fan of that idea myself.
My car gives the most annoying beeps if car is running and you jump out and close the door behind you if you keep the key in your pocket. Well within the range where the fancy touch the sensor to unlock doors -feature works. I suppose there are different detection areas and door unlock and start engine use different circuits.
I will definetly test at some point the multiple ways this arrangement will also fail in practice.
> I'm afraid you'll have to do something unusual: read the manual :).
I'm afraid they've solved that problem too, modern cars don't come with a manual, they have an app
The app will tell you millions of things about the car you can't imagine why anyone in their right minds would want, but bugger all about things you might need to know.
Least ways that's my experience with a recent Merc. loaner car.
NEVER give a Merc app your real data - give it an account you can wipe later and where possible fake personal data. I unavoidably had a Merc some 5 years ago and I still get spam. All efforts to have Mercedes delete my details have failed so it's about to hit the regulator when I find some time (note to self: read less El Reg so you actually have the time).
"This is why you have your own domain so you can hand out individual email addresses and cancel them when they're finished with."
Your email daemon still has to bounce the junk mail (or bit-bucket it, if you prefer).
Personally, I'd rather cancel the spammer and not have to deal with it at all.
This is why you have your own domain so you can hand out individual email addresses
Or, like in my case, have your email address as the catchall address for the domain. Each email address I give out is in the form of [person]-[website/company]@... That way, if I start getting spam to that address, I know who has leaked my details (or is improperly using them) and can do a GDPR complaint against them.
And block that email variant address in the SMTP proxy on my firewall.
There's only a few in the block list at the moment - the most prominant of which is my linkedin variant - got *lots* of spam going to that.
I am having a car of different brand and they keep sending me info about some guy's car. They said they are unable to stop these notifications, they tried multiple times...
So yeah, it's nice to receive notifications that Mr M has his service due or invites to member's only events.
I get SMS "emergency" messages from Dominican University of California. I have never been enrolled at, have never worked for, nor in any other way been affiliated with Dominican. Read the rest of the stupidity here:
https://forums.theregister.com/forum/all/2019/11/12/gary_email_mixup_pt2_dartford_toll_bridge/#c_3913782
It's been over four years since that post, close to ten years since the first message. I *still* get SMS "emergency" messages from Dominican.
modern cars don't come with a manual, they have an app
They still have a manual you can download, I have a copy of it on my iPhone (stored locally so I can read it without internet access) Of course as it is 300 pages I will never read it just like I never read the paper manuals that came with past cars. I'll refer to what I need to refer to if/when the need arises.
They still have a manual you can download
My 5-year old Toyota came with a physical manual..
I read it once (mostly to see how the auto-parking worked - I've never used it because I don't trust it) and it currently lives in the sideboard cupboard with all the other manuals I never read.
So, you unlock your car / house with your phone. What happens when you run out of charge and the charger is inside?
Yes. Smartphones are terrible authenticators. They're fragile: besides the power problem, they're full of sensitive electronics that can easily go bad for any number of electrical, chemical, and mechanical reasons. (I'm careful with my phones, but since I moved from feature phones to smartphones few have lasted more than a year.) They're easy to lose, because they're small and usually not tethered to anything and people take them out all the time. They're prominent theft targets.
They're also riddled with software security vulnerabilities and many people are prone to installing insecure or malicious applications.
Using a smartphone as an authenticator – whether it's a primary authenticator, as in this case, or part of a multifactor scheme – is a lousy idea. It's popular with security experts because most of the users they care about already have a smartphone, so there's no additional hardware to deploy. But it introduces a host of failure modes.
(I'm careful with my phones, but since I moved from feature phones to smartphones few have lasted more than a year.)
For real? What do you do with them?
My current smartphone is almost five years old and (touch wood) showing no serious signs of failure yet - battery is still strong, screen is slightly scratched but not obtrusively so. The memory card is getting a bit full, I need to delete some data, but that's about all that's wrong with it.
The charging cable is another story, that is really past it, but fortunately the charging port is interchangeable with everything else.
Did you read the article? What you describe is somebody who is intending to break in. It's known that keys can be copied. I've seen a locksmith open a door because of a lost physical key, took 5 minutes with a battery drill, none of the neighbors noticed.
But here, the driver broke in the wrong Tesla without intending to, without even noticing. It's a whole new level of crap lock.
Usually doesn't even need "a special hook". Keys get work-hardened at the point where the twisting force is maximized. They break right at the top of the cylinder, with no twisting in the body of the lock. Usually a bit of chewing gum or bluetack will wiggle the busted bit out ... if your multitool can't grab it.
But here, the driver broke in the wrong Tesla without intending to, without even noticing. It's a whole new level of crap lock.
Nothing new about it. I recounted this event right here on Register comments not too long ago. I drove several metres before I realised the interior trim on my car had changed colour. Decades ago, my first company car. I had got into another Ford the same colour and drove it away. Using the good old fashioned key, which nobody ever lost, or bent. In a good old fashioned lock that nobody ever turned using a screwdriver blade, or half a tennis ball.
Yeah seriously, there have easily been a dozen model cars over the years that repeated the same mistake, using too few standard key blanks on the production line resulting in mixed up cars at mall parking lots, grocery stores, etc.
The amazing thing here is how it would happen to a phone based or digital key, where they really aught not be making those mistakes. You can only have so many pins/wafers/tumblers/levers in a regular keyway before things get silly. The locks on a Tesla shouldn't have that problem in a phone app. That is either a nasty bug, or a serious faceplant in the design of the system. As cheap as binary bits are, collisions between two devices should be something that happens on geologic time scales.
Even if the door is stuck with a simpler reader, it should be triggering an out of band handshake if it can't support sufficient entropy to prevent people driving off in each others cars.
If only there were some sort of index number easily visible on the vehicle... I mean, particularly if you're parked next to an other similar car, wouldn't you check which was yours?
It wasn't parked next to it. It was in a very similar adjacent car park. I mean, wouldn't you just assume they were next to each other even though the comment never mentioned them being next to each other. ? FFS what a thicko.
.
"If only there were some sort of index number easily visible on the vehicle... I mean, particularly if you're parked next to an other similar car, wouldn't you check which was yours?"
Good point. But in a hurry and they "key" just unlocked the car and probably flashed the lights so "obviously" that must be "yours" :-)
using too few standard key blanks on the production line
Or, like my old Cortina, having locks so badly made that they could be opened with a screwdriver..
(Or like the old guy that does the Morris Minor servicing - he turn up in a 1930's Austin - it doesn't have door locks at all because they didn't think they were needed.)
FWIW, one physical key working in multiple, otherwise unrelated, cars is a well-known situation.
... pause while internet is consulted ... ah yes, here it is.
In fact, major car manufacturers such as Honda, Toyota, and Ford use approximately 3500 distinct key combinations. Therefore, the odds are reasonably good that someone else out there may have the same keys you do.... Locksmithhttps://www.txpremierlocksmith.com › twin-car-keys-key-..
That reflects the physical limitations of practical physical keys -- the number of tumbler positions and levels at each position that will work reliably even after years of wear. One might think that electronic locks could have enough bits for every key to be unique, but apparently not.
Honda, Toyota, and Ford use approximately 3500 distinct key combinations. Therefore, the odds are reasonably good that someone else out there may have the same keys you do....
The birthday problem/paradox then says you only need to have sqrt(3500) = 59 of the same model of car, before it's likely that at least one pair of them will share the same key.
"Determined crooks" can get around, or through, anything. That's the basis of many tedious movies.
But only a tiny handful of crooks are "determined". The vast majority are looking for a soft target, they're not going to spend hours of time on planning or training or researching how to steal your car when your neighbour has made theirs that much easier, by leaving the keys in.
I had a Subaru with a key and/or lock so worn that the key could be taken out of the ignition without turning it off first. I found out by discovering the key had fallen out whilst I was driving. Great for cold mornings; start the car, take out the key, lock the car and go back indoors until it had defrosted the windows.
Electronic keys can never be secure. Ever.
I send the key.
You see the key and unlock,
You change the key,
The key changes.
In theory by a five year old this is perfect but anyone with half a brain asks the following of what would happen if.
You send the key.
It doesn't get the key.
Someone else then sends that key.
They get the new key.
Their key is now the key and your key won't work.
No amount of encryption is ever going to fix that.
Add to that whatever lazy arse programming (or avoiding customer issues and associated costs) was put into this and it's a recipe for disaster.
At the end of the day even physical keys are pretty useless but they take time. This is one of the basic tenets of life. If you can design something then someone can look at that design and break it. Look at Windows ME. Nearly every single device manufacturer managed to break that with simple device drivers and they weren't even trying to.
... that remote keys can be defeated, rolling key codes are a thing, and it's not quite as simple as your "anyone with half a brain" scenario suggests.
If someone has a previous capture of your keyfob transmission, there is usually a limited time window in which they can use it (provided they defeated your vehicle from receiving it, and rolling to the next code). And even if they use it in that window, it's often a one-time thing - they don't have "the new key" without a bit more work. They could, for instance, very well find they have opened the car but can't drive it off.
I give a pass to the really old stuff in the pre or barely transistor era. To make those secure you needed to be clever, and the results were expensive.
These days there should be no excuses, but there is plenty of hot garbage being passed off on the public. But lets be clear, this is a solved problem, on basic hardware, and probably since the mid 90's. But the same type of idiots that developed the first 15 years of WiFi protocols made most car remotes, garage door openers(that still can't be programmed to accept the signal from your car remote, unless it has a dedicated garage door button), swipe cards for access control systems, etc. etc, ad nauseum
This is basic encryption, and can be safely handled with public keys, time based one time passwords, or symmetric keys with a wrapper and proper salting. But the manufacturers seem allergic to anything that makes round trip/bi-directional communications necessary. The government also hasn't been great at allocating a small slice of dedicated frequency in one of the good bands for a modern remote or wireless key system. They ought to have the FCC cough up a slice to the winner of a NIST competition like the other encryption standards. One protocol family, independently designed, and standard to all manufacturers that are allowed to use the band. On a frequency that isn't limited to line of sight in a normal building and can reach at least part way across a parking lot.
IN broad strokes the remote would chirp a short alert that the door/car/device would listen for. The device would chirp back a nonce the remote would use to build it's reply, which the device can then validate without exposing the remotes private key. It's not rocket science or brain surgery.
The rolling key algorithm is a bit like 2FA, it needs a shared secret to work. That's why criminals tend to longline the radio signal of the actual owner's key, it's much harder to break the code. This is also why a new key needs to be synched against the vehicle's system - that is when the key exchange takes place.
Not all of these systems are perfect so there have been some rather embarassing problems but overall it seems to work because otherwise you would no longer be able to insure a car against theft. Heaven forbid an insurance would actually have to pay out - trust them to be pretty much immediately on the manufacturer's case.
Of course, with Tesla they would either have to tweet to Musk or send a summons to the actual company to get anyone to talk to them, but in general insurance companies like to avoid giving back any of the loot they get off their customers so they'll be knocking on your door pretty quickly if you have a volume problem - which Tesla seems to have. Again.
https://www.thisismoney.co.uk/money/cars/article-6828053/The-keyless-car-crime-loophole-thieves-use-electronic-trickery-insurers-refuse-pay-out.html
They just don't pay out or in fact refuse to insure.
https://www.thetimes.co.uk/article/thefts-make-keyless-range-rover-bmw-and-mercedes-cars-uninsurable-vtnthfht5#:~:text=%E2%80%9CIt's%20slowly%20happening%20but%20certain,fob%2C%20which%20contains%20a%20transmitter.
Simple just like any other smart card (although manufacturers may go the dumb route). Key says "hello" to car, car replies "calculate the answer to X using your private key". Key replies with correctly calculated answer. You can record this, but unless the car asks the same question twice, your recording isn't of any use,
Then there's the relays used for stealing cars when the key is still in the house - it shouldn't be difficult to calculate the latency of the comms to decide how close the actual key is i.e. 1m away or 5m away.
Which has exactly what to do with HTTPS? (Please, for the love of god, don't let any auto manufacturer be using HTTP in their door-unlocking protocol.)
Perhaps you meant "asymmetric cryptography", which is very much not co-extensive with HTTPS. Nor is it a particularly good way to implement a door-unlocking protocol. TOTP is better, though clock synchronization after power failure is a problem for devices that don't have access to a relatively trustworthy external time source. Rolling codes is the most common solution; challenge-response, if both devices have sufficient capability, is better.
Asymmetric cryptography is overly resource-intensive and over-engineered for the problem, since (as jake pointed out) locks only exist to deter crimes of opportunity anyway.
While I'm glad it all ended well for Rajesh and Mahmoud, I wonder what the insurance situation was? In the 10 minutes Rajesh was driving someone else's car without their permission or knowledge he was almost certainly not insured. And on being stopped by the police and asked if it was his car, Rajesh could have been in quite a bit of trouble.
Admittedly the AA does this thing where you can have yourself rather than the car covered for car breakdowns*, so that if you are being given a lift you can call them out to help, but I don't think any insurance companies cover taking someone else's car without their permission, unless you are a police officer requisitioning the vehicle for official business.
BTW I recently had a mechanic come round to repair my car and he was insistent that I should only use the buttons on the key to lock and unlock the car as it can affect the immobiliser if I just turned the key on the lock.
Life is just getting too complicated for a bear of very little brain**, such as myself.
*Just car breakdowns, mental ones are done by the NHS, if you are lucky.
**Now out of copyright.
> rather sensibly the car is insured, not the driver.
The car is insured - for *any* driver, not just the named ones on the policy?
So if I - ahem - borrow - your car (with every intention of bringing it back before you wake up, no "intent to deprive" here) I'l be fully insured during the joyride? Sounds good.
"If I've got "car insurance" in Sweden, can I borrow a long-haul truck-tractor from a friend, hop in, (at least try to) drive off, and still be "insured"?"
Here in California, the insurance I have for my Peterbilt will cover me and an alternative vehicle, should I see the need to borrow (or rent ... which has it's own insurance) another vehicle. There are limits to how long this insurance transfer lasts, but it can be invoked as needed with a phone call. Likewise, the insurance I have for passenger cars follows me when I have a need to drive an alternative passenger car, but no phone call needed. Same for motorcycles. None of the above cost me a dime extra ... but then my record is clean.
In New Zealand, my car insurance covers the car for any driver. If i name a person as a driver on the insurance, it knocks NZ$ 400 off the excess in the event of a claim. Car insurance here is much simpler because there is no personal injury aspect to it, it is simply about repairing cars and stationary objects. ohh, and car insurance is optional. If i'm hit by an uninsured driver, then my insurance company will take them to court for the accident costs and collect the money from their wages over the next 5-10 years.
What about the personal injury and medical costs? In New Zealand there is universal accident cover for everyone in New Zealand. ACC will cover your health costs, rehabilitation and lost earnings - even if you stow away on a containership and break your leg jumping onto the harbour dock in Auckland.
There is no pain and suffering compensation, we are made of tougher stuff, and just get on with it. :)
California here ... my insurance covers my passenger vehicles for any legal driver, and similarly, in the event of a claim there are financial incentives to name a second (third ...) driver specifically for he vehicle(s) covered on that policy. Usually, but not always, the extra driver(s) is(are) a dependent.
Define "steal". In English law the definition includes the intention to permanently deprive the owner of their property. I may have got the wording wrong, but the consequence is that joyriding (where the vehicle is abandoned at the end of the ride) is not theft, and a new offence of "taking without owner's consent" had to be created.
Interesting question, if you bring the car back in one piece then insurance is moot. If you were to have an accident then that would be dealt with as vehicle taken without consent, in which case I've no idea what happens as I don't plan to borrow a vehicle without consent :)
But the insurance usually follows the car in the US and a "Standard policy" will cover another driver if they are also insured. The owner faces some additional liability. In CA that used to be about 5 grand, but it may have gone up in the decade since I got run over by a loaned BMW.
Some policies are named drivers only, usually to get better rates, or for exotic or vintage cars. In that case you'd get into the weeds, as the swap was accidental.
Still, glad that we got to see the press cover a case where the owner of the cars didn't act like the owner of the company. Not everyone in a white model 3 is watching the lord of the rings extended editions or is a coked up sociopath trying to have sex in the back seat on their ride to work.
...most people opt for the phone. You're going to be taking that out with you come what may, obviating the need to carry around another item to lock the car.
I don't. I sometimes intentionally leave the phone at home because I don't want to be any more disturbed than I already am. Especially after phones expanded to dimensions that exceed most convenient pockets. Once you break the phone anxiety habit, you can relax more without having to check your phone every few minutes in case you missed a beep notifying you that there's an exciting new offer for something you don't want. Or, because for a lot of these unlock services to work, you have to keep location services on. So by the time you've been flooded with, and deleted all the special offers from businesses near you, your battery is flat and you can't unlock your car. Or house.
I guess with a house, there could be a market for adding weatherproof USB or wireless chargers to your door furniture. I guess it might be harder to accidently lock yourself out given the phone won't detect it's outside the threshold. Or it might use it's essential health monitoring functions to detect that you've left it home alone, and lock the door out of spite.
I usually take mine long just in case of a car breakdown. I figure that Murphy will catch up with me if I don't (the one time I don't have phone with me, etc.). I just leave the thing turned off.
I typically don't have it turned on at home either. I keep getting emails from my wireless carrier wondering if I'm having problems with my account...
My phone has my personal email account and the joint one I share with my wife both set up on it, but I have synchronization disabled. I only let it download messages if I know there's one I actually need then, and I'm not at home. It happens maybe once a year.
But then I turn off email notifications on my personal and work computers too. The whole point of asynchronous communication is to not interrupt you.
and tuck it behind the bumper cover or wheel well. You may now charge your device in the event of a dead battery. Might not help if you lose it entirely, but will save you if you kill the battery roxing out while you are jogging or take one to many selfies at brunch.
Of course in the old days I did the same thing with an stiff coat hanger just in case I locked the keys in the car or lost them. I figure if any other idiot could slim jim my car open I might as well be able to myself.
in the old days I did the same thing with an stiff coat hanger just in case I locked the keys in the car or lost them
When I first started driving, I had a spare key made. I cut most of the bow off it, so it was basically just shoulder and blade, to make it smaller, then tucked it in my wallet. I don't know that I ever had to use it, but I was glad it was there.
With a later car I got one of those magnetic hide-a-key things and tucked it up in a wheel well, stuck a bit under the plastic underbody cladding so that it wouldn't shake loose. Then not only did I have a spare, but so did any friend if I had to have them pick the car up from somewhere. A thief wouldn't have bothered to look for it, just jimmy the door open, as you say, so there's no additional risk to doing something like that.
Of course, with modern transponder keys, you don't want to do that, unless you put it in a Faraday cage.
A couple of "how I was an idiot with my transponder key" stories:
- Went swimming with the extended family in Lake Michigan, at Sturgeon Bay Beach, up at the northwest tip of the LP. A small but nice beach, and very isolated; it's often deserted, and you'd have to go some miles to get a phone signal, at least at the time. My swim trunks had a pocket with a zipper closure, so I put the car key in that, and then we spent some hours swimming and lying in the sun and playing with the kids in the surf and so on. When we got back to the car, it occurred to me that immersing the key in Lake Michigan for half an hour or so at a time might not have been the best idea. I was very relieved when it worked.
- Then a couple of years later I did that again, at a hot spring in New Mexico – not one of the commercial ones, but a little one down in the Rio Grande Gorge. Except this time I had the key in an inside pocket of my swim trunks, and when I remembered it was there, after getting in the water, I checked and it was no longer there. I was with my older granddaughter, who was 8 at the time but already accomplished at scornful evaluation of the failings of her elders.
You do not get a phone signal in the Rio Grande Gorge. We started the walk back to the car, about half a mile, looking for the key on the ground as we went. I was figuring we'd have to walk the road back out of the gorge and then walk a couple of miles until I could get a decent phone signal and call someone. I didn't want to make my granddaughter do that walk, but I couldn't leave her by herself.
When we got back to the car we still hadn't found the key but I had to try the door anyway ... and it opened. I figured the key must be on the ground by the car, but we searched and couldn't find it. Tried to start the car; it started. Looked inside the cabin for the key, didn't find it. Finally I thought to search my swim trunks in their entirety and not just the pockets, and found the key had worked itself out of its pocket and was now just floating around in the netting, conveniently in a position where I couldn't feel it as I was walking.
Since then my granddaughter has been under strict instructions to ask me where the car key is every time we go swimming.
I once found a wallet on a park bench, so took it to the local cop shop. I accidentally locked my car keys inside the car (1972 Ford Cortina) whilst at the cop shop, so, knowing the local panda cars were of the same make as mine, and that their garage would probably have several spare keys, I returned to the front desk and explained the situation.
The desk sergeant told me to go and wait by the car and a bobby would come out and open the car for me. Young Mr. Plod duly arrived, took one look at the car, and said "Don't look". He then removed his cap, opened the sweatband and removed a doubled length of plastic strapping. He slid it through the gap between the door pillar and the rubber seal of the door, and maneuvered it to snag the lock release button, which he pulled up to unlock the door. He then returned the strapping to his hat and said "There you are".
I have since used this trick to open a work colleagues car in the company car park when he had also locked his keys inside.
I don't suppose this would work on modern cars, the lock knobs don't have enlarges caps on them now.
Me neither. Standing in the queue to pay at the supermarket, it used to be the old ladies looking through their bag for their purse that held the queue up. Now it "tech bros" fumbling with their phone and drawing "gestures" or entering PINs to activate the payment. On the other hand, some people just seem to pick their phone out and tap it on the reader, so maybe there are different system or some people are a little more security conscious than others.
How the heck can someone drive an apparently identical car for 10/15 minutes without realising it was the wrong car?. As soon as I sit in my car after the garage has done some work on it I know this is not the car I left them with as the seat and steering wheel positions are not the same. It would be an extraordinary coincidence for the mechanic who worked on my car to be the same size and shape as me with the same driving position preferences.
I can't speak for the Teslas, but my car carries the settings for the electric seats and mirrors in the keyfob memory. If I open the car with my keyfob, it recalls my settings. If SWMBO uses her keyfob, then the seat and mirrors are set for her.
It sounds like a gimmick but if you're as sensitive to your seating position being 'just right' as I am then it's a really useful feature, no fiddling about getting back where you left it if 'er indoors uses the car, or indeed if a mechanic's shifted it. It's not an option I'd have chosen to pay for, but I bought mine secondhand, it came with electric seats, and having experienced the convenience I might actual pay for it in the future should the situation arise.
though it also sounds like one or more of your dimensions are non-standard. :-)
For me it's not such a surprise considering the interior of a white model 3. One of the most spart... I mean minimalist interiors.
I liked the cockpit of the earlier model S, the Y and 3 bug the crap out of me honestly.
Unless you are a car packrat, there just isn't much to see. My old roommates had similar issues spotting their Prius, probably one reason so many are covered with stickers.
Stealing any car made before chipped security keys is trivial. Google the problems with kia boyz.
Once you realize that the key does basically nothing and its the chip and the ignition interlock preventing theft, then you can remove the needless key.
It was also possible to open other people's cars with your car key in the world before chips. That should actually be possible to eliminate with electronic key fobs, but trust Tesla to screw that up.
I’d like my key to be able to open my car. I’d also like it to be _only_ my key which can open my car. Not someone else’s key. I also have little interest in opening someone elses car.
This is unless you drive a HQ Holden which had 7 different keys for the entire production run. A mate locked his keys in the car at a large even one day and was a little lost as a result. A fellow HQ owner walked past and thought he’d talk this other HQ owner having a concern with his car. Explaining that he locked the keys inside, the other bloke said, “I’ve got a HQ too, let’s see if the 1 in 7 chance of us having the same key is in effect here.” Sure enough, the key worked and my mate was able to get inside without having to break in.
>I’d also like it to be _only_ my key which can open my car. Not someone else’s key
There are about 80Million cars made every year. That's quite a lot of active car locks to all require a unique key.
Even then there is LPL's "click on one, some resistance on two ....."
That 80 million is only a problem for physical keys, it's too hard to have both enough key differs to cover that and have big enough mechanical tolerances to be reliable. For active electronic locks it's just a question of using a few more bits, and binary digits aren't in short supply.
During the 1980s, I saw some keys shaped like a flattened hexagon; there were four usable faces, and these surfaces had five divots of varying depths bored into them for the lock pins to go into. Add a long-ways notch so there's only one physically-possible* orientation which allows key insertion, and place five divots on each usable face, each divot with one of five possible depths, that's .. uhm ... the math escapes me: something factorial? 5^(5*4)? (== 95,367,431,640,625) ... a lot more than 80 million, anyway.
*Presumes someone doesn't try to force-fit it with a sledgehammer.
So you've carefully done what you can to make it so that each car can have a unique physical key.
Then someone comes along with a hammer, screwdriver and maybe some vice grips and if you don't have a chipped key anyway then they're off with your vehicle.
I'm old as well, and I had a software engineers distrust of electronics. But I had someone tried to steal my 2000 Ranger and in seconds they were able to bypass the key system by mutilating it, but because it was one of the first Rangers with a security key they didn't get the truck, turning the ignition got them nothing.
Maybe, as noted as above, it might be colour grouped? In the 1980s I had a light blue Volvo. Mrs Tim99 and stopped at a Little Chef on the A17 - It was drizzling. When we got back, I unlocked the door, and sat in the blue driver's seat. Then I noticed that "someone" had removed the automatic gearbox and replaced it with a manual. My car was two further along the car park behind a panel van. We quietly got out of the car, locked it again, and drove off in our car...
"Keep the car locked but have it drive itself away."
This has already been possible, and demonstrated. Search on "Jeep Cherokee hack".
The fun one will be when 10,000+ locked and unoccupied cars all head for <insert target here> at a great rate of knots. No brakes needed. Nor obeying any traffic laws.
Think it won't happen? Then you have more faith in humanity than I do.
And you may find yourself behind the wheel of a large automobile...
Wow, that's from 1980. How time flies..
His message to Tesla's press email bounced and another to Tesla's China unit was blocked. "I even tweeted Elon Musk," he said.
...to complain about one of his companies or products. Doesn't matter in the slightest that you don't work for Tweeter - he will start by sacking you from Tweeter.
Clearly this happened because you don't need to press any kind of unlock button, you just try to open the door and the car will unlock if a phone registered to a valid keycard is within distance. I believe this works through Bluetooth.
In this case the other guy's phone must have been nearby, maybe he was still there. Maybe they were returning to their cars together.
Either way it's the downside of an admittedly incredibly convenient way to lock and unlock (just walk away) your car.
I'd like to know how far this flaw goes. Teslas have an optional PIN feature so that even if you get into someone else's car, you need to enter the PIN to be able to drive it. There's no mention of this in the story, so either a/ neither of these people had set up a PIN, or b/ the car also accepted the wrong one. If it's b/ then I'm going to be exceedingly concerned.
Not a new trick. My Dad did this with his 1980s Ford Cortina. Bought a new one mid-80s. Got to work and found someone else in the car park with not only the same car, but same colour. He could open up and drive the other car away. When they tried the keys the other way round the other bloke could unlock but not start my Dad's car.
This was in the days of plain physical metal keys, no immobiliser chips.
But me I also prefer keys. I drive a 1990s Honda and worry about all the electronics that would be in my next car. Tech that is out of date and not updated. When I've been looking at second hand cars it is shocking how out of date things are. My old Honda let me swap the audio system and I currently have it all Bluetooth and connected to my music and sat nav. Newer cars just have built in systems that are obsolete when the updates stop after a few years.
One of my hobbies is building and flying RC model aircraft. In recent years, nearly all RC gear has switched to using 2.4 GHz spread-spectrum radio gear. Each transmitter has a unique identifying code that it transmits to identify it. The receiver needs to be "bound" to the transmitter so that it will only respond to the required transmitter.
A few years ago, one major manufacturer managed to produce a (thankfully) small batch of transmitters with all the codes set to a string of zeroes!!!
I think the safety hazard this presented speaks for itself!
Mercifully word quickly got out and the sets were recalled before a major accident occurred, but it took a while for that manufacturers reputation to recover, and a number of models ended up destroyed!
Whilst spread-spectrum radio gear has resulted in zero accidents due to frequency clashes, it seems that the old adage still holds: "Anything that can go wrong, will go wrong!".
Back in the late 1980s, there was a company in Taiwan which "recycled" MAC addresses on its clones of NE1000/2000 ethernet cards. When you got a new batch of cards which matched the MAC address of one or more cards on your existing LAN[0], much hilarity ensued. As a consultant, the first time was the worst ... after that, the symptoms were fairly obvious. I probably ran across the problem at a couple dozen small companies between '88 and '91ish, and then again (!!) in the mid-late '90s, when people started recycling old Netware kit for Windows networks at home.
[0] An "impossible event", at least according to Novell and IEEE.
It's been said many times before, but using your phone to unlock your house or car is a risky business. The battery in your car's fob lasts one hell of a long time. Phones not so much.
I mentioned this to a colleague who said you could always carry a charge bank around with you. You know one one those things that's generally much bigger than a fob? But that statement just shows this stuff is just technology for the sake of technology. Hey, look what my car can do, it's so much less convenient than a key!
I first owned a car where you never had to take the key out of your pocket twenty years ago this month. But I soon found some serious limitations. The thing about a key is that it fits nicely in the little pocket in my wetsuit and it doesn't care about getting wet. Yes there's still some technology in my current key, a passive RFID tag adding a bit of security. But way back when with that Nissan I tried a key safe under the wheel arch so I could go surfing, but the car wouldn't actually lock with the key so close.
There was a solution in the end but it was complicated and bleeding annoying.
I saw an advert for a modern car with such a system that showed a couple living an "active lifestyle". Presumably they were very trusting folk. Judging by their outfits as they ran down the beach from the car they had nowhere to keep the hefty fob, so the car must have remained unlocked...