
How Secure Are Teslas/Tesla Thefts

The best method to reduce the chance of theft is using “layered security”.

Be mindful where you park, ensure it’s well lit and covered by CCTV (even at home).

Protect your keys (Faraday pouches) and hide your PIN.

Look out for people following you and conducting hostile recces on your car.

Use visible, physical security, like drive bollards and steering locks.

You want your car to be unattractive to them.

And never, ever, buy a Fiesta 🤣
Also, dogs.

Dogs are the goodest boys/girls.

I check their teeth once a week. (Just to make sure they're sharp enough).

/S
 
I own a 2022 Model Y - I believe there's no "turning off passive entry" or have I missed it?
From the manual: “Passive locking and unlocking is automatically enabled when you pair your key fob to Model Y.”
“For increased security, passive locking and unlocking disables after being stationary for five minutes while within vehicle range when the vehicle is not in use. In this situation, you must shake or press a button on the key fob to re-enable passive locking and unlocking.”

Would still recommend keeping the key fobs in a Faraday pouch or similar to defeat relay attacks, given the recent Bluetooth LE exploits.
 
The key going to sleep is good, Ford have rolled this out and it works. If the Tesla key does too there’s little point in a Faraday pouch.
 
I wanted to thank everyone for their questions, comments and suggestions following the theft of my car last week, and also to update you ... there's still no sign of it, but a neighbour who lives just 200m away has now also had his Model S stolen this morning!

It was recovered nearby a few hours later, but had been damaged. We met up today to talk it over and this looks like a new type of attack, well, at least new to us. Both cars had their passenger window smashed, indicating that it was not a cloned key fob or relay attack, both cars had their alarms silenced, and both had PIN to Drive enabled, but both were still driven away in the early hours. The MO was identical in all ways as far as we can tell. Whatever the method, it seems that only physical access was required.

On the recovered car, the underside of the dash had been ripped out to gain access to the electronics and wiring. The thieves were also seen carrying a rucksack so I favour the view that they brought equipment that could be connected into the wiring loom to trick the car into powering up and being driven, possibly a cloned vehicle identity which avoided the PIN to Drive altogether? I don't know this for certain but the evidence of two incidents suggests this.

A word of warning, particularly for Model S owners in the Yorkshire/Derbyshire/Nottinghamshire areas - I'm not sure that a reliance on the electronic security measures is now enough to prevent theft so it might be wise to add a physical layer of security temporarily (steering lock, bollards, or just by blocking the car in on your drive), until this vulnerability is better understood. Anything which makes it harder to take.

Does anyone have a contact number for somebody at Tesla who might be willing to talk this through? It seems like key information they would want to know but whenever I call them I get generic answers and GDPR quoted at me and it's so hard to reach anyone in authority. If so, perhaps one of the moderators could exchange our contact info? Be careful out there - there's definitely a heightened risk at the moment.
 
I'd suggest trying to contact the official owners group for the UK as they do have contacts at Tesla that they can lean on in certain situations:


They recently put this article together, if nothing else then they may be interested in updating it with your findings:

 
And there it is. Thanks - the circumstances sound a lot like the "New Key Hack" described on the page your link referred to. "Physical access required to Model S, can take a long time 30 minutes or more, but thieves are able to generate a new key and override pin 2 drive." New in 2022 and no known mitigation. They have it all right.
 
> I'd suggest trying to contact the official owners group for the UK as they do have contacts at Tesla that they can lean on in certain situations:
>
> They recently put this article together, if nothing else then they may be interested in updating it with your findings:

Good luck trying, nothing to lose, but we’ve had little joy with the owners group on here. The “president” was a member for a while, and after numerous incorrect posts stating, “There will never be a standard range RWD MY, Elon told him”, he lost interest.

Their security article is also factually wrong too. It’s got some reasonable ideas, but their thoughts on things like M3Y key fobs don’t seem to correlate with the manual, and they don’t really understand the Token security issue and 3rd party apps as MFA doesn’t help at all.
 
> And there it is. Thanks - the circumstances sound a lot like the "New Key Hack" described on the page your link referred to. "Physical access required to Model S, can take a long time 30 minutes or more, but thieves are able to generate a new key and override pin 2 drive." New in 2022 and no known mitigation. They have it all right.

Definitely sounds like it. Seems as if they are suggesting that only MS are susceptible? Either that or thieves willing to risk a 30 minute procedure are only targeting the most valuable vehicles, because let's face it, there are a heck of a lot more M3 than MS at this point so they would be easier pickings.
Question though: if this hack allows a new key to be registered that then allows the car to be driven, what next? The fact that you could not track it suggests that the SIM was also disabled or the car was reset somehow. But having done that, are they able to rehabilitate the car back onto the network even though it is stolen, or is it only any good for parts at that point? As far as Tesla are concerned that car is still linked to your Tesla account. The thieves cannot transfer it to another account, can they? Or can they swap the ECU from, say, a write-off and make Tesla think it is a different car?
 
Are all ages of MS susceptible to this broken window and spend 40 minutes in the car method?

Is there any difference in ability to steal it depending on whether it's plugged into a charger or not?
 
> Definitely sounds like it. Seems as if they are suggesting that only MS are susceptible? Either that or thieves willing to risk a 30 minute procedure are only targeting the most valuable vehicles, because let's face it, there are a heck of a lot more M3 than MS at this point so they would be easier pickings.
> Question though: if this hack allows a new key to be registered that then allows the car to be driven, what next? The fact that you could not track it suggests that the SIM was also disabled or the car was reset somehow. But having done that, are they able to rehabilitate the car back onto the network even though it is stolen, or is it only any good for parts at that point? As far as Tesla are concerned that car is still linked to your Tesla account. The thieves cannot transfer it to another account, can they? Or can they swap the ECU from, say, a write-off and make Tesla think it is a different car?

It'll be shipped overseas to a country that doesn't normally have Teslas and sold that it doesn't connect online.

The 30 minutes would suggest some kind of brute force attack, perhaps Tesla could mitigate that somehow with a retry limit. They clearly need to address the issue. The locking and keys on Model S are very different to Model 3/Y, so let's hope that this attack isn't transferable. It does seem like a higher risk for the thieves to be present for that long, but clearly, they weren't troubled for both of these incidents.
 
Saw on Twitter that it is supposedly only MCU1 are vulnerable to the 40 minute attack that gets round passive entry being off and PIN to drive. Still means a smashed window potentially if you have an earlier car as there aren't really any outward signs of an MCU2 unless there is some way of knowing that without breaking in?
 
I’ve also read this relates to MCU1 models as apparently it’s relatively “easy” to access service mode and to disable P2D and create a new key.
I wonder how Tesla will approach this. Even cheaper MCU2 upgrades? A patch to the MCU1 software? It definitely looks like MCU1 Ss will need physical barriers, for the time being.