
How Secure Are Teslas/Tesla Thefts

Interesting ... does this mean: if the car is driving along connected to your phone's WiFi hotspot it can no longer be followed using the app on a different phone (linked to your account) in a different location?

Normally it works fine. In my case I was using a hotspot in the car that used a VPN and a geo-ip / ad blocker, this blocked the car talking to the mother ship which I hadn't noticed before. I'd wrongly assumed live tracking didn't work. But when I didn't use my hotspot it works and when I didn't use the VPN it works.

However, all cars are hard coded with a Tesla WiFi which you can find on the internet. So it's very easy to block the tracker.
 
It's just occurred to me today, that replacing the data-enabled USB ports in the front cubby with 'dumb' ones could actually be a boon for security. Not sure if this is part of the reason or completely coincidental, but the more I think about it, the happier I am that the only data enabled port in the car is relatively hidden in a locked glovebox.

Not saying software vulnerabilities do or do not exist, but if they did/do, having such a convenient data port that you could reach through the driver's window could be bad news.
 
There's a data port in the driver footwell IIRC.

It's heavily secured.. and without the correct certificates you aren't doing anything with it (feature modding a Tesla generally involves ripping the MCU out and getting it on a test bench to bypass the security), but it's there.

Tesla are, from what I've seen, pretty good at securing their stuff.. they still have the bug bounty (up to $15,000 for finding a security hole). I'm pretty sure if a hole is found it'll be fixed by OTA before most people even know about it..
 
I used to work with an engineer that specialised in cellular data communications. He explained that you only need a weak signal to send a data package that could contain enough to disable something. We’re talking 1kb of data and a signal too weak to hold a conversation over. Similar to SMS being able to be sent when a phone call couldn’t. So we may not see it in the Tesla app but Tesla would probably have enough to do something with.

All these things can be hacked. But I’m of the opinion that a Tesla would be stolen for parts due to shortages and that would require organized gangs. Low loader, communication cut off, shipping it out of the country etc. or stolen to order parts. Dismantle on site or something like that.

We’ll never beat those types as they beat the authorities!

We’re more at risk of smash and grab types. Which is more of a pain. A friend had a bag of Haribo sweets taken from the back seat. They jimmied the top of the front door to bend it enough to open it. Huge damage and inconvenience for a 60p bag.
 
You have to define threat models.. are you *really* trying to protect against organised gangs who could just shove your car into a Faraday cage and be in Poland before teatime?

Or are you trying to protect against someone managing to get your car started and driving down the M1 with it.. Tesla's security is more than adequate for that, as the theft figures show.
 
You have to define threat models.. are you *really* trying to protect against organised gangs who could just shove your car into a Faraday cage and be in Poland before teatime?

Or are you trying to protect against someone managing to get your car started and driving down the M1 with it.. Tesla's security is more than adequate for that, as the theft figures show.
Yep, frankly as long as there isn't a widespread security vulnerability with a low barrier to entry, where there's a will there's a way, even for organised crime groups.
 
However, all cars are hard coded with a Tesla WiFi which you can find on the internet. So it's very easy to block the tracker.
... and would you be able to set the wifi to the blocking doo dah if someone had pin to drive activated or is that a straightforward thing to bypass too? I'm just trying to imagine the actual scenario of someone stealing a car and what they could actually do. Also you would think that if the alarm is triggered the car would lock down and only respond to a legitimate "key".
 
if someone had pin to drive activated or is that a straightforward thing to bypass too?

I haven't been to Service much since that was introduced ... but the few times I have I think they have needed me to turn it off. Certainly when I traded in the car. I'm sure Tesla could work around it, somehow, but if what I have remembered is correct then it seems that even service centres can't jimmy it - that would seem to bode well with me.

I'm working on a little APP that will disable the glove box PIN for 3 minutes at Midnight, but only if the car is parked within 100M of the American Embassy ...
 
As a deterrent I'm perfectly happy with Tesla's security and think it's a good balance between that and usability. If someone wants any car badly enough then they'll take it whether that's an organised gang with a flatbed or someone simply bashing you over the head until you give up your pin and phone/keycard/fob.

Ultimately it's only a bit of metal and plastic and it's insured. It would be a pain if it was stolen but I'm not going to obsess over the possibility.
 
I’d be annoyed, but that would quickly disappear once I got the cheque/replacement car.

If it ever was stolen, the number one priority would be getting it declared a loss and getting a cheque ASAP. As silly as it sounds, I wouldn’t want it back if it was recovered but I’d happily just go and buy another.
 
... and would you be able to set the wifi to the blocking doo dah if someone had pin to drive activated or is that a straightforward thing to bypass too? I'm just trying to imagine the actual scenario of someone stealing a car and what they could actually do. Also you would think that if the alarm is triggered the car would lock down and only respond to a legitimate "key".
Highly unlikely anyone can brute force pin to drive to bypass it, so unless they have stolen tools from a Tesla service centre and know how to use them, the most likely way someone would do this is by gaining control over your Tesla account. With this they can reset your pin to drive, which is why having 2FA on your Tesla account password is a good idea.
 
... and would you be able to set the wifi to the blocking doo dah if someone had pin to drive activated or is that a straightforward thing to bypass too? I'm just trying to imagine the actual scenario of someone stealing a car and what they could actually do. Also you would think that if the alarm is triggered the car would lock down and only respond to a legitimate "key".

The pin to drive stops anyone driving without the pin, which is stored and processed locally and doesn't need any connectivity to work.

I am not suggesting the car can be stolen at all.

It's more that it's rather easy to stop any Tesla car talking back to the Tesla mothership. I think this is why it's not recognised as an official tracker by insurance companies and related to why Thatcham thinks so too.

If the car can't talk to the mothership, it's still safe but you wouldn't get any live information or notification in the app.

I was rather nervous saying how I accidentally blocked the car talking home, but thinking about it - it's only saying what is already open source knowledge. Plus I held back saying the exact instructions.
 
It is recognised as a tracker though by insurance companies.. at least LV and DL (Admiral don't even ask one way or the other so never had cause to look at their policy).

LV are somewhat special in this.. they recognised the Leaf as having a tracker.. and anyone who's used the 'find my leaf' knows how useless it is - I think their basic definition is 'you can find out the location somehow'.

But no tracker is magic.. stick it in a metal container and it's toast. Insurance companies know this.. they're not expecting physics-defying miracles from Tesla or anyone else.
 
Tesla service *can* override pin to drive (and operate the car remotely if required - if you lose your key one option is to call them and get them to unlock it, provided you can prove who you are) but their connection is secure and as far as anyone knows never been compromised (it would be rather big news I expect!).

They mostly don't do it - when I traded in my 3 they asked for the P2D even though they would have had the capability to take over the car completely.. I presume internal security at Tesla means the average staff member doesn't get that kind of access so it's easier for them not to try than escalate it to someone that does.
 
It is recognised as a tracker though by insurance companies

That's interesting and good on them.

I didn't see it listed as Thatcham approved, unless I missed that?

There is a big difference however, proper trackers need some reasonably expensive equipment - a large Faraday cage is expensive.

The Tesla tracker can be defeated with less than £9 of equipment.

Personally, I don't call the Tesla a proper tracker but others are very welcome to have a different opinion. I am not always right.
 
It's not Thatcham approved, but they don't specifically ask for Thatcham approved - some have that as an option so you can say whether it is or not.

Same with the alarms and immobilisers (well the 3 alarm is, the Y isn't despite being the exact same hardware, go figure.. Tesla didn't send the appropriate amount of cash to Thatcham I expect).

 
I haven't been to Service much since that was introduced ... but the few times I have I think they have needed me to turn it off. Certainly when I traded in the car. I'm sure Tesla could work around it, somehow, but if what I have remembered is correct then it seems that even service centres can't jimmy it - that would seem to bode well with me.
SCs used to ask for the PIN (or ask you to turn it off) but they have a new system now (although I'm not sure it's been rolled out to all SCs). I believe they can bypass the PIN now, but it's geofenced to only work when the car is at an SC (and maybe also has to be booked in for service with that SC?)
 
Looks like there was a vulnerability in the M3/MY Bluetooth proximity unlock that was fixed some time ago in a software upgrade. So it's good not to get too complacent.


What I would say is that computer systems almost always have vulnerabilities. But Tesla has the ability, unlike other manufacturers, to quickly push out fixes if a vulnerability is discovered, which hopefully means that the window of opportunity is curtailed. That's a good reason, if you need another, to promptly apply updates.
 