Car NFC Card Megathread

I am highly doubtful they would need something so risky.

Since the reader on the door is full RFID rather than a dumber/proprietary/third-party sort of key implementation, I imagine once the car is placed in service mode remotely the command and control cloud which connects the car to Tesla could also load or enable a service key based on its specific signature or even proxy unlock requests up to the c&c cloud for approval in a sort of 2FA type arrangement.

I see no reason why Tesla would need any kind of master key at all, just a way to enable a different key remotely or open up a set of keys signed by a specific upstream authority.

Hopefully I have the terminologies right here, I do understand the broad principles of key and certificate based authentication but it’s hard to communicate succinctly without saying the word key over and over till the point it loses meaning. :sweat_smile:

The key :crazy_face: is to remember we are not talking about keys (physical) :crazy_face:, rather we are talking about smart cards and distributed, key :crazy_face: based authentication. In fact Tesla is possibly operating one of the largest, modern key :crazy_face: distribution and authentication networks around.

2 Likes

No, there actually is. That’s what I’m saying. I can’t remember but I think someone found the UID in the code in the on board computer for the RFID stuff. It always looks for that particular UID.

2 Likes

eh what? seriously? like … elon has a master key to any tesla based on … a UID ?!

1 Like

It’s like the new golden ticket hunt, no purchase necessary

4 Likes

Ok. I am back to WTAF!!!

I suppose it would make hire cars a thing of the past…! But remember this is not new. The entire NYC police fleet (which in retirement seem to become taxi cabs), had the same key for ages (not sure if they still do). Although that was a cost thing on the key cylinders…. But still.

Oh it was more like most of the nation 1284x

1 Like

I guess that geofencing, service status from a database or menu option, and a speed limiter could be used to limit the abuse of a master key?

And I do hope that they’re using proper encryption instead of the UID…

1 Like

There’s no way… I don’t want to believe they’re that stupid

I would like to present, Exhibit A
human race

7 Likes