1 - 7 of 7 Posts

·
Registered
2022 Rivian R1T
Joined
·
29 Posts
Discussion Starter · #1 ·

·
Registered
Joined
·
83 Posts
Interesting read, thanks. It almost certainly does use BLE for phone-as-key, but not sure what's in the FOB. What's most interesting about this particular attack is that it's able to side-step the commonly used mechanisms that vendors implement to try to prevent this sort of attack. That being said, this is still a pretty high-effort attack, requiring multiple coordinating people and the close proximity of the owner's key or phone. It is also not a durable mechanism as it will allow only a single start of the vehicle, and will no longer be effective once the vehicle is stopped out of range of the original phone.
 

·
Registered
Joined
·
83 Posts
This isn't how the BLE or NFC system works. Has anyone had their R1T lifted by a crook using this method? I don't think so.
Did you read the paper linked in the article? The whole point of the attack is that it is based exactly on how BLE works. The NFC cards are something different, and the fob may also be some other sort of radio, too. Phone-as-key could be vulnerable to this sort of attack, but for the reasons outlined in the paper it would still take a pretty concerted effort to pull off.

R1T owners who have enabled phone-as-key have complained about how the car locks and unlocks when they are walking around their house. I could see Rivian releasing a feature that disables or "quiets" phone-as-key when the car is parked at a known location like home or office. Doing so would also mitigate the attack described in this paper.

As far as Tesla goes their BT key fobs were VERY vulnerable because they had made a cascading series of poor decisions regarding security that made it very easy to steal (at least in theory, who knows how many were actually stolen that way). Given the publicity around the Tesla vulnerabilities, I would expect that Rivian learned those lessons and that their implementation is more secure at this point.
 

·
Registered
Joined
·
935 Posts
Yes, I read the article and the relay attack described is not how Rivian's "phone as a key" BLE entry protocols work, and you cannot intercept a relay message, since you cannot get a relay message or respond to any message triggers about your keys or ownership of the Rivian that is "theoretically under attack". Hackers will hack everything. I'm not saying they won't hack into a Rivian. This just doesn't seem appropriate here since the example used is irrelevant. This is like the argument that using your phone was insecure for payments. Sure, maybe some online payment systems have had historical breaches and vulnerabilities that allowed bad actors to compromise credentials or otherwise deny service, but look where we are today.
 