In a video shared with WIRED, researchers at the Beijing-based automotive cybersecurity firm GoGoByte demonstrated that they could carry out a relay attack against the latest Tesla Model 3 despite its upgrade to an ultra-wideband keyless entry system, instantly unlocking it with less than a hundred dollars worth of radio equipment. Since the Tesla 3’s keyless entry system also controls the car’s immobilizer feature designed to prevent its theft, that means a radio hacker could start the car and drive it away in seconds—unless the driver has enabled Tesla’s optional, off-by-default PIN-to-drive feature that requires the owner to enter a four-digit code before starting the car.
Was just pondering over this.
Would it suffice to implement a handshake between fob and car, but also prevent the handshake from establishing if the car or fob receives its own signal, indicating its signal being replicated? Since it’s a radio signal this would at least make it somewhat harder, but still not impossible, to relay a signal.
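To make the reasoning in the question concrete, here is a small simulation, added for this discussion and not part of the original post or of any vendor's implementation. It models a keyed challenge/response handshake between car and fob and shows two things: a relay that forwards both directions unchanged passes the cryptographic check (the handshake alone does not detect it), while a bound on the measured round-trip time, which is what time-of-flight ranging such as UWB is meant to provide, does reject the relayed exchange. The 2 m unlock policy, the hop distances and the 500 ns forwarding latency are constructed illustrative values; the model ignores the fob's own turnaround time and the radio physics of echo detection that the question proposes.

```python
"""Constructed simulation: challenge/response keyless entry with and without a relay."""
import hashlib
import hmac
import secrets

LIGHT_M_PER_NS = 0.2998          # radio propagates roughly 30 cm per nanosecond
MAX_UNLOCK_DISTANCE_M = 2.0      # assumed policy: fob must be within 2 m of the car
MAX_RTT_NS = 2 * MAX_UNLOCK_DISTANCE_M / LIGHT_M_PER_NS


class Fob:
    def __init__(self, key: bytes):
        self.key = key

    def respond(self, challenge: bytes) -> bytes:
        # Keyed response: only a party holding the shared key can answer correctly.
        return hmac.new(self.key, challenge, hashlib.sha256).digest()


class Link:
    """One radio hop: propagation delay from distance plus any electronics latency."""
    def __init__(self, distance_m: float, electronics_ns: float = 0.0):
        self.one_way_ns = distance_m / LIGHT_M_PER_NS + electronics_ns


def car_handshake(key: bytes, fob: Fob, path: list[Link]) -> dict:
    """Car side: send a fresh nonce along `path`, verify the keyed response,
    and check the simulated round-trip time over that same path."""
    challenge = secrets.token_bytes(16)
    response = fob.respond(challenge)        # message content is unaffected by the path
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    crypto_ok = hmac.compare_digest(response, expected)
    rtt_ns = 2 * sum(link.one_way_ns for link in path)
    distance_ok = rtt_ns <= MAX_RTT_NS
    return {
        "crypto_ok": crypto_ok,
        "rtt_ns": rtt_ns,
        "distance_ok": distance_ok,
        "unlock": crypto_ok and distance_ok,
    }


def honest_scenario(key: bytes) -> dict:
    # Legitimate fob 1.5 m from the car on a direct link.
    return car_handshake(key, Fob(key), [Link(distance_m=1.5)])


def relay_scenario(key: bytes) -> dict:
    # Legitimate fob, but the exchange is carried over two relay boxes:
    # car -> box A (2 m) -> long hop to box B (100 m plus forwarding delay) -> fob (1 m).
    path = [Link(2.0), Link(100.0, electronics_ns=500.0), Link(1.0)]
    return car_handshake(key, Fob(key), path)


def wrong_key_scenario(key: bytes) -> dict:
    # A nearby device that does not hold the key: distance passes, crypto fails.
    return car_handshake(key, Fob(secrets.token_bytes(32)), [Link(distance_m=1.5)])


if __name__ == "__main__":
    k = secrets.token_bytes(32)
    for name, fn in [("honest", honest_scenario),
                     ("relayed", relay_scenario),
                     ("wrong key", wrong_key_scenario)]:
        r = fn(k)
        print(f"{name:9s} crypto_ok={r['crypto_ok']!s:5} rtt={r['rtt_ns']:8.1f} ns "
              f"(limit {MAX_RTT_NS:.1f}) unlock={r['unlock']}")
```

The honest run stays near 10 ns and unlocks; the relayed run passes the HMAC check but accumulates well over a microsecond of round trip and is refused; the wrong-key run is refused on the cryptographic check even though it is close. The point for the question above is that any relay that only forwards bits leaves the handshake intact, so detection has to come from a physical-layer measurement (time of flight, as here) rather than from the handshake content.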