
How Secure Are Teslas/Tesla Thefts

I believe P2D is completely bypassed if you authorise a drive from the app, effectively the way Tesla service do it. It seems anyone who has your refresh token (Teslafi, or any of the other 3rd party apps) can simply send the command and drive your car away. There was a suspected breach somewhere recently and Tesla forced a lot of password changes, I can see this being as big an issue as a bug. MFA is also only needed to generate the initial tokens, once done they can refresh periodically without the owner knowing.
 
I believe P2D is completely bypassed if you authorise a drive from the app

Yes, I've done that.

But I discovered that car needed "Enable keyless driving" to be on.

I was in the car at that time, so I just changed the setting and tried again. That worked :)

So if you have phone you can unlock, change "Enable keyless driving" option, if necessary, and then use START from the phone ... no PIN required

(Which is a useful trick if P2D enabled and the screen wasn't working for some reason ... but you'd have to already have "Enable keyless driving" for that to work ... given I was able to change that anyway is there any reason to have that turned OFF ? )
 
Which is a useful trick if P2D enabled and the screen wasn't working for some reason ... but you'd have to already have "Enable keyless driving" for that to work ... given I was able to change that anyway is there any reason to have that turned OFF ? )

You cannot bypass P2D if MCU has failed. It needs Tesla to physically plug into the car.

So if screen has failed due to MCU failure then you are stuck and no moving the car without a Tesla tech on site.

Learned the hard way when our MCU failed in a location where car could not be moved either pushing, on dollies (steep site) or low loader (restricted access). It took two attempts and many hours trying to recover the car and eventually needed Tesla tech on site the following day - ironically they managed to coax some life into an apparent dead MCU enough to disable P2D without having to physically plug in. Failed MCU (would not boot due to subsystem hardware failure) replaced and Tesla tech were able to back up old MCU settings to new one, including lifetime trip.
 
SCs used to ask for the PIN (or ask you to turn it off) but they have a new system now (although I'm not sure it's been rolled out to all SCs). I believe they can bypass the PIN now, but it's geofenced to only work when the car is at an SC (and maybe also has to be booked in for service with that SC?)

Yes, that's my understanding, that's how they do a contactless service, if your car is within their geo-fence and you have a booking then the technicians can drive the car into the workshop etc.

When in there recently for some post-delivery tidy-ups they were happy to investigate why my phone key was allowing the car to be unlocked when the phone was further away, but to do this they had to cancel the service booking whilst the car was in the workshop which then allowed my phone key to work again.
 
Which is a useful trick if P2D enabled and the screen wasn't working for some reason ... but you'd have to already have "Enable keyless driving" for that to work ... given I was able to change that anyway is there any reason to have that turned OFF ?

You cannot bypass P2D if MCU has failed. It needs Tesla to physically plug into the car.

So if screen has failed due to MCU failure then you are stuck and no moving the car without a Tesla tech on site.
Maybe there's a subtle difference here. If you have "Enable keyless driving" set then if the MCU fails you can still drive it, if you don't have it set then you can't, nor can you change it. That said, I can't say I've ever noticed the setting.

Things also change over time. From reading around the API on GitHub, the remote start option used to require a password but this got dropped on later versions, sometime in the last year.
 
Maybe there's a subtle difference here. If you have "Enable keyless driving" set then if the MCU fails you can still drive it, if you don't have it set then you can't, nor can you change it. That said, I can't say I've ever noticed the setting.
Enable keyless driving requires the MCU to be operational to be able to respond to the external communication required to initiate a keyless drive.

In our case the MCU failure was caused by a sub system preventing the MCU from booting. So an MCU boot, which occurs when the car wakes up, if failed, ie screen is dead, results in no remote access to the car and no way to trigger keyless access.

With failed MCU, had we not had P2D enabled, the car would have been drivable (albeit with no screen) on to the recovery truck, but P2D completely prevented that. We could lock/unlock with keycard and various other sub systems/functions did work like doors, windows, lumbar etc. Front trunk access required the bumper ‘jump start’ but I think we had access to boot via manual unlock. Only so much I could check with 12v and HV battery systems in various states of disconnection by Tesla and recovery but it was reassuring how much of the car could still be used with no MCU. Unfortunately didn’t get a chance to test the lights. I certainly wouldn’t want to drive it any distance in that state though even with workarounds for speed etc.
 
Yeah the older S and X vehicles use standard key fob technology so are susceptible to the same attacks as all the other vehicles with keyless entry. Newer Teslas with bluetooth fobs, or RFID keycards cannot be stolen in this way.

Unless people opt for a Tesla Fob key on the model 3 it's the same, they are still susceptible to the same attacks
Which for the life of me I don't know why people would buy a Tesla Fob key.....
 
Unless people opt for a Tesla Fob key on the model 3 it's the same, they are still susceptible to the same attacks
Which for the life of me I don't know why people would buy a Tesla Fob key.....
Valet parking, the alternative is to give them the key card
Multiple people drive the car, some at short notice, and you don't want to set everyone up with the app and the key card is hassle in comparison
Want a traditional key ring including house key and car key (I've left home before now without the house key)

The key fob Tesla use now are less susceptible to relay attacks, as they are with most new cars.

I still think it's mad that people worry about the security of a key yet give their details to 3rd party apps who can find, open and drive your car away, even if you have pin to drive enabled.
 
Unless people opt for a Tesla Fob key on the model 3 it's the same, they are still susceptible to the same attacks
Which for the life of me I don't know why people would buy a Tesla Fob key.....
That's not correct on two counts I'm afraid

1. The Model 3 keyfob uses Bluetooth to connect to the car, rather than the simple RF method used by the legacy S/X keyfobs that originally had weak encryption. To our knowledge so far no one can relay bluetooth, however who knows what will happen in the future. If you are concerned about Bluetooth then also be worried about the phone key as it's the same.
2. The keyfob has a motion sensor and stops transmitting when it's left stationary for 5 minutes, removing any opportunity of seeing the signal. In part it does this to save the battery, but it's an effective security measure as well. The phone key does not stop unless you forcibly stop the app running on Android.

Tesla Model 3 keyfob, which will also be the key for the next gen S/X is adequately secure. The only place where security was an issue was on S/X with the RF keyfob that used technology Tesla bought in. The first gen had issues with its encryption so there was a later model that went from 64 to 128bit but I've not kept up with whether that is still secure enough.
 
Incorrect, the car can be tracked via the phone app while on the move.
Yup, the original post was the wrong way round.

If the car is parked and asleep it does not update its location, so if someone craned it onto a flatbed you wouldn't be able to track it being moved. However I'm assuming that if you left Sentry active it wouldn't be sleeping anyway so should be trackable.

When the car is awake, being driven for example, it does update its location, speed etc.
 
The benefit with phone key Bluetooth is that the protocol and the phone side security can be patched as often as needed, quickly too if the developers are competent.
Agreed, however an application's ability to talk Bluetooth is through the interfaces provided by the phone's operating system, so it's not possible to really make changes at a deep level. It does seem that the Tesla Phone Key process has specific risk mitigations that aren't documented, there is clearly something related to signal strength, and it would also appear to be comparing the car and the phone's GPS in some way. Tesla aren't going to document all their protections.
If Tesla used Apple's Car Key thing then I could believe there were more fundamental protocol level timing etc. But they don't, and it's platform agnostic.

I've not yet seen if Tesla have a mechanism to update the firmware on the keyfob, but it would seem pretty unlikely that they don't. They had a way to update the previous RF version. Maybe it's done with each car update in a way we don't see. If that's the case then they almost certainly have more control over the protocol side.
 
Just saw this - BLE phone-as-a-key vuln allows access to Tesla Model 3 so I guess BT is susceptible to relay attacks, I notice when you close the Tesla app the Tesla BT device disconnects on the iPhone so hopefully this is a workaround.
Interesting article, they invented a way to relay the bluetooth signal from a phone fast enough to avoid the normal expiry. I would note their recommendation that they haven't tested as I think some of those already exist, certainly the keyfob is motion based, and I think there is some gps element to the validation.

Still, it's good to set pin2drive.
 