Major Security Issues with Bluetooth Unlocking, use the Digital Key standard

  • Major Security Issues with Bluetooth Unlocking, use the Digital Key standard

     David Marlow updated 2 weeks, 3 days ago 13 Members · 27 Posts
  • Matthew Crawford

    Member
    June 15, 2022 at 4:09 am

    I loved seeing the electrical system testing setup in the QA yesterday, but the announcement that you’re planning to use Bluetooth with an app as an alternate unlock method raised all kinds of red flags.

    This article talks about how Teslas can be unlocked due to a major flaw in Bluetooth security:

    https://arstechnica.com/information-technology/2022/05/new-bluetooth-hack-can-unlock-your-tesla-and-all-kinds-of-other-devices/

    You need to stop all work on using Bluetooth and instead focus on implementing the Car Connectivity Consortium’s Digital Key standard. This is what Apple uses for the CarKey feature in Apple Wallet and Google also has their own implementation of this for Android. The latest version of this standard uses ultra-wideband chips to allow you to unlock your car and start it just by having your phone in your pocket or a compatible smartwatch on your wrist (like the Apple Watch). This also provides a number of useful features such as letting people share the key with family and control what the shared key can do. For example, a parent could share the key with their kids, but only allow them to unlock the car and not actually start it.

    Considering the fact that you’re already using NFC cards as the regular keys and that’s part of this standard, it shouldn’t be too much more work to expand that into full use of the standard.

    More information here:

    https://global-carconnectivity.org

  • Paul Evans

    Member
    June 15, 2022 at 6:07 am

    Great catch, Matthew. I wholeheartedly agree with your position!

    I read the CCC’s whitepaper and it does support the use of Bluetooth Low Energy in combination with Ultra Wideband for Digital Key authentication.

    I’m hoping that the electrical system testing component presentation mentioned Bluetooth as a shorthand version of the CCC Digital Key Release 3.0.

    Digital Keys and Public Key Infrastructure (PKI) concepts are difficult to explain to an average person, usually resulting in lots of exploded brains. 🤕

    I’ll email Aptera to clarify what they meant.

  • Curtis Cibinel

    Member
    June 15, 2022 at 7:17 am

    In the case of Aptera their planned solution has a fairly easy way to make this attack far less practical; the sound of knocks themselves (something Tesla and others don’t include). The exact timing (to a fraction of a ms thanks to NTP) can be used. Since the attacker can’t edit the message and has lag and the precise timing and relative gap in the sounds can be measured by the phone (in response to proximity so it doesn’t always record). If they use the knocks this takes the attack from somewhat tricky to largely theoretical.

    The only way I see to get around this would be a device placed on the Aptera made to perform the taps with exact characteristics and the near user attacking device to also make the same sound. They could then perform the attack at an exact predetermined time which would require the autotapper on the car and the near user attacker in proximity.

    The only other Bluetooth option (beyond those mentioned in the article) for Tesla / Bluetooth locks that could use is some user interaction added on the phone (or smart watch). This could be clicking a button or an authenticated voice wakeup command with OS support (i.e. hey Google/Siri unlock car).

    NFC could also be used but this would require physically touching the device to the vehicle (like tap based payment).

  • John Smith

    Member
    June 15, 2022 at 7:39 am

    How many cars have been stolen using this method? Is this making a major problem out of something that is not a problem? Theory vs reality or possibility vs probability.

    • Jonah Jorgenson

      Member
      June 17, 2022 at 6:53 am

      Rational post. Best to avoid the knee-jerk reaction and assess objectively then solve the real problem rather than vigorously wave hands in the air and worry that every Aptera will be subject to opening by nefarious people. My dad’s generation used a car jimmy to easily open a car.

      • Oz (It’s Oz, just Oz)

        Member
        June 17, 2022 at 7:38 am

        “Cough cough” A Slim Jim.

        signed

        An Old Guy.

        • Jonah Jorgenson

          Member
          June 17, 2022 at 7:56 am

          Thanks for the correction! 😉 guess you have experience with one????

          • Oz (It’s Oz, just Oz)

            Member
            June 17, 2022 at 8:14 am

            Actually I still have one in my car, but haven’t seen a lot of cars it will work on for a bit

        • Dennis Swaney

          Member
          June 17, 2022 at 8:48 am

          For the younger set: not the brand made by Conagra

      • kerbe2705

        Member
        June 17, 2022 at 1:54 pm

        @Jonah Jorgenson For the “visual learners” among us…

  • Brad Renninger

    Member
    June 17, 2022 at 6:38 am

    I think the security concerns of getting into the car are entirely different than those for Starting/Driving the car. If entry and driving have different authentication methods I see no issue using your phone to get into the car and not start it.

    • Curtis Cibinel

      Member
      June 17, 2022 at 8:46 am

      Hopefully the digital key features of phones expand and features can change in software. That 2nd step when inside could be “hey Google start car”. This would essentially add the voice print of Google (or Siri) to Bluetooth security. Admittedly the voice print mechanism is not the strongest but it adds two elements (just as my knock timing suggestion). Also like the knocks for optimal security a mic in the Aptera could compare the exact sound waves to those of the car for even more security. Alternatively a prompt notification (optionally accessed without unlocking) would require a simple tap on the phone.

      When looking at car security in general since the introduction of the immobilizer (or secret hidden ignition control switch hacks) it has been harder to start a vehicle than enter. Going backwards would seem a mistake. A Slim Jim or a brick will get you into basically any car but stealing it is a bigger concern.

      • Jon Arryn

        Member
        June 17, 2022 at 8:49 am

        I don’t see how a “voice print” is any more secure, i.e. some Mission Impossible flicks, just as example. Current state of biometrics is easily hacked. Of course you could go old skool and just bust a window like Elon and his bullet-proof window CyberTruck foolery

        • Curtis Cibinel

          Member
          June 17, 2022 at 9:00 am

          Because then they need to perform everything in the Bluetooth relay hack AND simulate the person’s voice in the location of their phone (which is not actually at the vehicle for the relay attack).

          Multifactor authentication is a recognized security best practice and its use has exploded with TOTP or texted codes in recent years; this approach is multifactor as well and would similarly make effective exploits harder. If someone hacks your password and uses a stingray to get that texted code they can get into your account but the MFA measures make this far more logistically difficult to get in than either measure alone. “Secure” is a sliding scale not a binary yes/no.

          • Jon Arryn

            Member
            June 17, 2022 at 9:23 am

            Blerg

        • John Malcom

          Member
          June 17, 2022 at 11:35 am

          Ha! Yep, busting a window. Fast, straightforward, no complex tech needed. Sometimes the old ways are the best.

      • Brad Renninger

        Member
        June 17, 2022 at 8:59 am

        I think their RFID and Bluetooth is just for entry and might only be a secondary authentication for Starting.

      • kerbe2705

        Member
        June 17, 2022 at 1:57 pm

        @Curtis Cibinel The “smart locks” on my home and garage doors request that I speak a PIN number before they will unlock/open – although ANY voice with access to my various smart speakers can lock/close them.

        • Curtis Cibinel

          Member
          June 17, 2022 at 2:01 pm

          The difference here is both the car and phone can record the input (tap timing or voice commands) and only allow access if they match exactly. The point is to avoid relay attacks and ensuring consistency handles that nicely. A backup method is always needed if it’s too most or you kill your phone.
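
The knock-matching check described in the two posts above (car and phone each record the knocks, access only if they agree), as an added example that is not part of the original thread and not Aptera's design. The shared key, the tolerances, the function names and the sample timestamps are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumed values for illustration; not taken from the thread or any Aptera design.
SHARED_KEY = b"constructed-demo-key"   # key paired between phone and car
ABS_TOLERANCE_MS = 2.0                 # allowed clock/microphone offset per knock
GAP_TOLERANCE_MS = 1.0                 # allowed difference in knock-to-knock gaps


def phone_report(knocks_ms, key=SHARED_KEY):
    """Phone side: serialise the knock times it heard and authenticate them."""
    body = json.dumps({"knocks_ms": knocks_ms}).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body, tag


def gaps(times):
    """Intervals between consecutive knocks."""
    return [b - a for a, b in zip(times, times[1:])]


def car_accepts(car_knocks_ms, body, tag, key=SHARED_KEY):
    """Car side: accept only an authentic report that matches what the car heard."""
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False  # report was altered in transit or made with another key
    phone_knocks = json.loads(body)["knocks_ms"]
    if len(phone_knocks) != len(car_knocks_ms) or len(car_knocks_ms) < 2:
        return False  # phone heard no knocks, or a different number of them
    abs_ok = all(abs(p - c) <= ABS_TOLERANCE_MS
                 for p, c in zip(phone_knocks, car_knocks_ms))
    gap_ok = all(abs(p - c) <= GAP_TOLERANCE_MS
                 for p, c in zip(gaps(phone_knocks), gaps(car_knocks_ms)))
    return abs_ok and gap_ok


# Constructed sample data: milliseconds on a clock both devices share.
CAR_HEARD = [1000.0, 1310.4, 1522.9]
PHONE_NEARBY = [1000.6, 1310.9, 1523.3]        # owner standing at the car
PHONE_FAR_AWAY = []                            # relayed session: phone hears nothing
PHONE_OTHER_KNOCKS = [1000.2, 1290.0, 1540.0]  # unrelated sounds near a distant phone

if __name__ == "__main__":
    for name, heard in [("nearby", PHONE_NEARBY), ("far away", PHONE_FAR_AWAY),
                        ("other sounds", PHONE_OTHER_KNOCKS)]:
        print(name, car_accepts(CAR_HEARD, *phone_report(heard)))
```

The tolerances decide how much clock drift and microphone latency the check absorbs; set too tight, they reject the legitimate owner, which is why the post also calls for a backup method.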

          • kerbe2705

            Member
            June 17, 2022 at 2:07 pm

            @Curtis Cibinel – wasn’t disagreeing – just “adding to” the discussion of voice commands.

            Pondering the knocking: What issues might arise if the vehicle is covered with ice?

  • Matthew Crawford

    Member
    June 17, 2022 at 4:49 pm

    One other advantage of using the Digital Key standard is that both the iPhone and Apple Watch implementation allow the phone/watch to still function as a key even after the battery is dead. It isn’t indefinitely, but it does function for several hours. An app using Bluetooth will never be capable of doing this.

    I don’t know if any Android phones have this functionality, but the advantages to using the standard are far greater than rolling your own system. Not just for the improved security, but also for the other features I mentioned, like sharing keys with kids that only allow them to unlock the door and being able to easily revoke the access at any time.

    • Paul Evans

      Member
      June 19, 2022 at 6:31 am

      Samsung has UWB and supports Digital Keys on the Galaxy S21 and later models, plus the Watch 4. Downside is they’re pricy. Don’t ask me how I know. 🙄

  • Tim Dean

    Member
    June 17, 2022 at 6:36 pm

    Combined with facial recognition, this should be very secure. The Aptera has enough cameras.

  • David Marlow

    Member
    June 19, 2022 at 5:05 am

    Lots of cars using digital keys have been stolen in the last couple of years. What is needed is something different that the thieves do not know.

    • Paul Evans

      Member
      June 19, 2022 at 6:41 am

      Surprising since the current Release 3.0 is just being implemented on the ’23 cars now. Please cite your sources. Oh, and the implementations have to be certified by CCC.

      • David Marlow

        Member
        June 19, 2022 at 8:14 am

        My source is the evening news, the only way now the manufacturers have of the thieves getting too far away with brand new cars is to put very little gas in the tanks. That way they find the cars before they can get much more than a mile away.
