Do we trust Tesla with our cars/data??!!

[gangzoom]

A few years ago back during one of many many services visits it seemed like Tesla could access/see my car even when I have disabled 'remote access', didn't think much of that.

The last time I took my car into a service centre it was susprising to learn they didn't need the key, as they could 'access' the car on premises, fine.

Today I had a mobile visit from a ranger, he messaged me to say he was going to arrive in 20 mintues, with me not been home I told him I would unlock the car. Work ended up been busy so I didn't check my phone till later and noted the car was been worked on.......I persumed my wife had given him the key, but it turns out no!!!

So it's pretty certain now Tesla can gain access to any of their cars on the road today, without ANY knowledge/trigger/warning to the owners. My car is out of warranty and coming up to 6 years old, but it seems likely Tesla has this ability even for cars made way back probably the first ever S.

I don't know if this is another display of the 'disruption' Tesla is bringing to the automotive industry, certainly for me, not having to be around when the service tech arrives to work on the car is convince on a different level vs a traditional dealership model....but tin hat moment, Elon if he is truly a mad man, could disable, and with FSD 'drive' any of our cars off a cliff/back to Tesla with no consent from the owners!!

Even Apple I don't think have this level of potential 'control' on their products post sale....Good or Bad??!!

 

[Doudeau]

Interesting to know. Question is how many people at Tesla have access to do this and how do they need to authenticate onto their systems to be able to do so.

How about a 4th option for your poll - Reluctantly (or similar text) ?

 

[speedyranger74]

At this point everything is possible but pretty sure everything access is logged. Said that, Tesla, will know who is the Ranger who accessed that car, when and where.

 

[Fred2]

That is interesting - i've had similar experiences at service centres but had assumed it was geofenced - hard to abuse if you have to drive the car to the service centre of your own free will.

If you can unlock your car with the mobile app, then so can tesla - your app sends a request to their backend, their backend decides whether that request should be authorized or not and then sends a request to the car. It's all about who tesla authorises, and a ranger logged into some sort of service app sounds plausible.

You'd like to think it's tightly locked down, ie as well as being logged that it's not the case that the ranger can unlock any car. Ideally they'd only allowed to unlock your car for a specific amount of time because that piece of work has been assigned to them for that time

 

[Durzel]

I've always been asked to disable P2D when I've gone to a service centre, but I've heard of other people saying that they've turned up and Tesla have just driven the car anyway. Since hearing that I've tended to think that they've just asked me to disable P2D to make me feel better. It would be logical if the geofenced area which puts the car in Service Mode would bypass P2D.

Not heard of rangers being able to just turn up and take over peoples cars though, but as said above it's not beyond the realms of possibility given the tools they have. They can see your VIN, so presumably can issue commands to it the same way as they can push (and retract) software updates without your say so.

 

[G4WFT]

I had a mobile ranger visit last week and I asked him this specific question about access. He said that the technicians can only access the car within the geofenced area of the service centre and only if the car has an outstanding service request. For mobile visits he said that, again, the car must have an outstanding service request and that they have to be physically close to the vehicle to access it. Obviously, that's taking what he said at face value but I recount it here for what it's worth. He didn't elaborate on what "physically close" meant in distance but I got the impression it was just a few metres.

 

[Durzel]

I had a mobile ranger visit last week and I asked him this specific question about access. He said that the technicians can only access the car within the geofenced area of the service centre and only if the car has an outstanding service request. For mobile visits he said that, again, the car must have an outstanding service request and that they have to be physically close to the vehicle to access it. Obviously, that's taking what he said at face value but I recount it here for what it's worth. He didn't elaborate on what "physically close" meant in distance but I got the impression it was just a few metres.

Technically nothing stopping them creating service requests on your behalf, though? I've had service requests appear and disappear without going near the app, just from speaking to Tesla SCs.

 

[G4WFT]

Technically nothing stopping them creating service requests on your behalf, though? I've had service requests appear and disappear without going near the app, just from speaking to Tesla SCs.

He did say that the service request had to be raised by the customer, but whether that is true who knows?

 

[init6]

I've never heard such nonsense in all my life:

and with FSD 'drive' any of our cars off a cliff/back to Tesla with no consent from the owners!!

Just how good do you think FSD is!

 

[Adopado]

I've always been asked to disable P2D when I've gone to a service centre, but I've heard of other people saying that they've turned up and Tesla have just driven the car anyway.

Yes, nowadays you just leave the car locked at the SC car park and they then take it and do what's necessary.

 

[NewbieT]

If you don’t trust Tesla with your data, sell your car.

Tesla take information security pretty seriously and put a lot of resources into keeping us safe. If you don’t trust Tesla, have a think about who you do trust, Facebook? Huwawei?

Unless you live in a faraday cage and disconnect from the internet you pretty much have to accept some risk nowadays.

 

[WllXM]

At this point everything is possible but pretty sure everything access is logged. Said that, Tesla, will know who is the Ranger who accessed that car, when and where.

Good for Tesla but as the owner of the car, I guess you should have access to that log too, and, not only that, but have to opt-in to that upfront...
Just imagine if any 'Genius' could have unfettered access to your iPhone *but, logged on Apple servers*... not really convincing to me...

 

[bro1999]

Just how good do you think FSD is!

A Tesla will be able to drive itself across the country coast to coast by end of 2017!
*looks at date* wait a second...

 

[DeejUK]

What worries me more than their level of access is the fact that a lot of the car runs on Linux, that hasn't been particularly stripped down, as far as I know. I remember on Hacker News there was a post from a Tesla employee after a software rollout went wrong who said that the software-update process is cobbled together Bash scripts - basically cardboard and sticky tape.

That said, I've worked with legacy car-makers, and their IT is way, way worse. Like, banking levels of bad. I expect my Renault Zoe and the remote services it uses are riddled with vulnerabilities.

 

[Durzel]

If you don’t trust Tesla with your data, sell your car.

Tesla take information security pretty seriously and put a lot of resources into keeping us safe. If you don’t trust Tesla, have a think about who you do trust, Facebook? Huwawei?

Unless you live in a faraday cage and disconnect from the internet you pretty much have to accept some risk nowadays.

"Tesla" is a big entity.

Do I trust everyone that applies for a job at Tesla? Should I? Rogue employees are very much a thing.

Also it's a bit of an argument to absurdity to talk about Faraday cages as if the only choice we have is to either blindly trust Tesla or live off of the grid.

 

[Adopado]

Just like when you chatted phone in hand with your coworker about a certain item they liked and next thing you are getting slammed on your iPhone with ads about that item though you never ordered it.

I hear people saying things like this but it's nothing that I've ever experienced. I have obviously seen adverts for things I have specifically searched for but never something that I have been speaking about in the vicinity of the phone. However, just to help with developing my paranoia I have started talking to my phone about some things that I have never ever searched for or bought ... sometimes not with the phone active and sometimes with my phone unlocked and active in front of me. To my huge disappointment my phone doesn't yet seem to be playing the game ... I'll keep it going for a while though just in case it picks up on my faux desire to buy some desirable items. Of course "they" could be aware that I'm testing them ... that'll be it ... gosh they're clever [and devious] .

 

[sewing1]

If you are truly worried you should sell your Tesla.

 

[init6]

If you are truly worried you should sell your Tesla.

And get off the internet...

 

[sahajesh]

The Russian troll army is following this thread with interest

 

[GeorgeSymonds]

With a token your car can be located, unlocked, and driven even if remote start is disabled (seems to be a bug according to the facebook group) and pin to drive is on. A token is something Tesla manage. I guess they could do it in a way where they had no control over it (the car issues the token and authenticates it with a private/public key only you and the car know, and that would be dandy until someone locked themselves out of the car and there was no way for Tesla to address. I'm less worried about Tesla, I'm more concerned with how many people sign up to Teslafi or one of the other apps without thinking.