How Secure Are Teslas/Tesla Thefts

[NewbieT]

I thought about the swapping the car computer option.

Maybe it’s not as easy as this but Tesla could run some checksums against the hardware serial numbers for all of the canbus devices and if they change then force a phone-home before allowing drive to be selected?

Hi Everyone, I've highlighted this 'new' theft issue to Tesla UK Management and also the vulnerability team this week to get some answers / push for change etc. I'm now aware of 3 or possibly 4 thefts this week so clearly something is going on. In the meanwhile we've updated this article (How to Defeat Tesla Thieves - Tesla Owners UK) which may help anyone who isn't aware of some of these vulnerabilities, that said if I had a MCU1 Model S in the vulnerable areas (Surrey, Yorkshire, Derbyshire & Nottinghamshire) I'd personally be considering a physical barrier to prevent thefts right now (e.g. blocking the car in with another car / bollards etc) along with the normal things like Passive Entry Off / Pin to Drive on / CCTV at ground level etc etc. Also for anyone affected ensure you send ALL the information about the theft (including your VIN) to [email protected]

Worth noting: Solution 6 can also invalidate your insurance.

These also work very well (for 3/Y). When square/adjacent with an RFID I can’t get into my office.

https://www.amazon.co.uk/Befekt-Gears-Protector-Contactless-Protection/dp/B07NS64RLM/

 

[Rooster6655]

The pin that holds the charge cable in isn't that strong.. someone who is prepared to trash the MCU isn't going to hesitate breaking it.

There is also the emergency release which isn’t going to be disabled by software limitations

 

[srichards]

Fiddling with the charge cable takes time. So it's more time onto the 40 minutes while they're trapped. It won't stop them it's just another layer of inconvenience.

 

[DrJFoster]

The owners group measures seem to focus on more obscure and rare methods and a bit of promoting their sponsors.

What about no locking wheel nuts? Or Token theft from 3rd parties? Door vulnerabilities allowing easy access? Advice on the best key type to leave with a garage/tyre place/valet parking company (because leaving them with your keycard means they could add an extra device without you knowing)

On the basis that more advice, so long as it doesn't contradict is a good thing, here's another guide (which is where I realised about the above weaknesses not mentioned)

Tesla Security

Tesla Security - what you need to know

tesla-info.com

 

[Mikeisnomech]

Never thought about giving the key to a tire place would also alow them to add another device... sneaky... could your insurance company might blame you for carelessness if they could prove that happened?

 

[WllXM]

Never thought about giving the key to a tire place would also alow them to add another device... sneaky... could your insurance company might blame you for carelessness if they could prove that happened?

Advice on the best key type to leave with a garage/tyre place/valet parking company (because leaving them with your keycard means they could add an extra device without you knowing)

If you've put the car in Valet Mode before handing out the keycard, then it cannot be used to add a new key/device .
+ it restricts access to the 'home' location in satnav so the attendant won't be able to see where you live.

 

[randompixel]

https://twitter.com/x/status/1580832458102054912

 

[GeorgeSymonds]

If you've put the car in Valet Mode before handing out the keycard, then it cannot be used to add a new key/device .
+ it restricts access to the 'home' location in satnav so the attendant won't be able to see where you live.

Thats a good point, although I don't think the owners club mention that and/or why it's important. I didn't use valet mode last time I left my car with anyone, although I do have a keyfob. P2D isn't exactly hard to defeat either.

 

[yessuz]

ha, when I leave my car at airport/etc I always put it in valet mode, before giving it to staff

 

[Pink Duck]

Valet Mode sounds like a great additional setting to P2D and Sentry Mode for overnight security; limit new wireless attack surfaces, plus preventing easy UI disable of Sentry Mode (for light/sound) and Remote Mobile App Access (for locating). It certainly caused obstacles for SC when my car went in for MCU2 upgrade, they couldn’t disable it themselves.

 

[GeorgeSymonds]

Taking your wheels off is an option too, it’s a question of how far is far enough?

I had a lotus Elise in my younger days and that had a removable steering wheel, that’s another option I guess except they’d probably turn up with their own.

As we have multiple suggestions, what do people think are the top 4 or 5 things to do that achieves most things without being OTt? Mine are :

- avoid giving away tokens unless confident in who to
- P2D and sentry, but for me I’d like to have P2D excluded when at home, just like you can with sentry
- valet mode and a burner key fob when leaving yojr car with anyone
- never leave valuables on show

 

[Dilly]

https://twitter.com/x/status/1580832458102054912

When it says “forensically recovered”, did they just find some remains!

 

[Lord Farquad]

When it says “forensically recovered”, did they just find some remains!

No they mean lifted onto a recovery truck for CSI to go to the compound and try to recover fingerprints and DNA

 

[qwickshot]

Good to hear the car was recovered.

Honestly, it’s the complexly wrong attitude but my best solution is do what ever you need to do per your car insurance.

Car theft is a game of car and mouse, if someone really wants to steal the car, they generally can. There isn’t really anything on the market that can stop them.

I mean wouldn’t you even bat an eyelid if some people with high vis vests turned up with in flatbed and just craned your neighbours car away in the middle of the day.

Put too many barriers in their way and we will be back to the scum breaking into your house with knives and bats. No one wants that. It’s only a car at the end of the day.

 

[WllXM]

Thats a good point, although I don't think the owners club mention that and/or why it's important. I didn't use valet mode last time I left my car with anyone, although I do have a keyfob. P2D isn't exactly hard to defeat either.

Yes there are a lot of benefits in using Valet Mode (locked glovebox, acceleration & speed limiters to avoid cowboy valets, etc..), and you just need two taps to enable it on the screen.
It's just a matter of thinking to do so when the moment arrives, which I suspect is what most people forget...
And it can also be set through the App if you've been distracted on the moment.

I think many owners should be reminded of this feature which can thwart a lot of opportunist thefts...

 

[yessuz]

Valet Mode sounds like a great additional setting to P2D and Sentry Mode for overnight security; limit new wireless attack surfaces, plus preventing easy UI disable of Sentry Mode (for light/sound) and Remote Mobile App Access (for locating). It certainly caused obstacles for SC when my car went in for MCU2 upgrade, they couldn’t disable it themselves.

look, as per video - I posted a page ago, once you inside the car and you know what you do - you just reboot MCU, put it in service mode and no need any keys, P2D is disabled etc.

all of it, is not really something you can really avoid - I mean you can, as mentioned, remove all the wheels before going to sleep, but does it make much sense? If car is stolen you just deal with your insurance and that's it.

to be fair, the worst thing would really be, if someone tries to steal it, then realises they can't and then just vandalize the car.

 

[Irata]

Given a Tesla is supposedly an internet connected smart device, it can stream cameras over the internet, stream music or accept voice commands even in a very basic argument of such. I guess it might fall under cyber security laws and Tesla have a responsibility to fix such vulnerabilities.

New cyber security laws to protect smart devices amid pandemic sales surge

Groundbreaking plans to protect people from cyber attacks

www.gov.uk

 

[WllXM]

Given a Tesla is supposedly an internet connected smart device, it can stream cameras over the internet, stream music or accept voice commands even in a very basic argument of such. I guess it might fall under cyber security laws and Tesla have a responsibility to fix such vulnerabilities.

New cyber security laws to protect smart devices amid pandemic sales surge

Groundbreaking plans to protect people from cyber attacks

www.gov.uk

Again, it someone’s pry-opens your car frameless windows to gain entry and then modify the hardware board / MCU while neutralising cellular antennas, in order to drive away, it doesn’t fall under cyber/hacking in my book…. Just old fashioned car theft

 

[Irata]

Again, it someone’s pry-opens your car frameless windows to gain entry and then modify the hardware board / MCU while neutralising cellular antennas, in order to drive away, it doesn’t fall under cyber/hacking in my book…. Just old fashioned car theft

Maybe, but it doesn't seem to be worded like that.

If someone steals your phone, unlocks it, breaks the encryption and uses it to access your bank details - where is the line.

 

[Pink Duck]

you just reboot MCU, put it in service mode and no need any keys, P2D is disabled etc.

I watched the video you posted. You'll note he disconnected the MCU1 power, added signal interference to one of the data lines then re-started it such that it booted without P2D. The voiceover sounded a bit like 'safe mode' (i.e. MCU handles the garbage config in as reinitialise to new). He then manually disabled the default configured options. There was nothing on-screen to indicate it was in true service mode. Arguably Valet Mode is just another setting, which isn't enabled by default, so no luck there for MCU1. In my case I have MCU2, so it is an added layer of depth to attack resistance. Perhaps a window MCU2 sticker as deterrent might be good enough for both. The video description also mentions 'intentional inaccuracies' in its making.