New Break In Hack?

[Am12345]

My car was “broken” into today at the mall. I parked at 12:05pm and I have 2020.36.11 which has the phone notifications for leaving the car doors unlocked, windows, or trunk open from update 2020.32.3. I received one notification at 1:30pm that my trunk was left open. (There is service throughout the mall, no dead-zones, so it was not a delayed notification). Sure enough, when I went back, all of my belongings in the trunk were stolen. There was no force of entry, and no other notification about doors being unlocked.

I think there is a similar vulnerability with the recently discovered one for the Model X. However, I don’t have a keyfob, only my phone and a keycard, which were both on me while I was in the mall, hundreds (maybe thousands) of feet and through thick concrete walls. Perhaps they are able to use just the VIN now to hack into it?

 

[TSLA Pilot]

Most malls have security footage in the parking lot. I would call and stop by the security office and ask if they might review it with you as such a hack would likely take a minute or two of standing around perhaps?

Regardless, please let us know what you find out.

 

[JulienW]

• What did Sentry Mode record?
• Did you use you cell phone or key card on drive?
• If phone do you have Walkaway Lock enabled?
• Did you confirm (by horn chirp & mirror folding) that the car locked?
• Did the App under Controls say the car was locked or unlocked?

 

[fuddy]

• What did Sentry Mode record?
• Did you use you cell phone or key card on drive?
• If phone do you have Walkaway Lock enabled?
• Did you confirm (by horn chirp & mirror folding) that the car locked?
• Did the App under Controls say the car was locked or unlocked?

This. I always use walkaway lock and horn confirm. If I don't hear the horn I turn around to check

 

[JulienW]

What did Sentry Mode record?

What you are alleging seems VERY unlikely. In the Model X none were compromised and it was researchers (not thieves on the street) that discover the the hack. It is very complex, time consuming and requires specialized equipment and code writing. How it worked:


You need a MCU, a Bluetooth Key and a Raspberry Pi computer with the written code.
The steps of the attack are detailed below:

1. Attacker approaches the owner of Tesla Model X vehicle. The attacker needs to get as close as 5 meters to the victim in order to allow the older modified ECU to wake up and ensnare the victim's key fob.
2. The attacker then pushes the malicious firmware update to the victim's key fob. This part requires around 1.5 minutes to execute, but the range also goes up to 30 meters, allowing the attacker to distance themselves from the targeted Tesla owner.
3. Once a key fob has been hacked, the attacker extracts car unlock messages from the key fob.
4. The attacker uses these unlock messages to enter the victim's car.
5. The attacker connects the older ECU to the hacked Tesla car's diagnostics connector — normally used by Tesla technicians to service the car.
6. The attacker uses this connector to pair their own key fob to the car, which they later use to start the vehicle and drive away. This part also takes a few minutes to execute.

The only downside of this attack is the relatively bulky attack rig, which would be easy to spot unless concealed inside a backpack, bag, or another car.

 

[XLR82XS]

This. I always use walkaway lock and horn confirm. If I don't hear the horn I turn around to check

Walk-away lock ALWAYS on for me unless at home. Great feature. Mirrors folded - I'm good.

 

[Mattopotamus]

• What did Sentry Mode record?
• Did you use you cell phone or key card on drive?
• If phone do you have Walkaway Lock enabled?
• Did you confirm (by horn chirp & mirror folding) that the car locked?
• Did the App under Controls say the car was locked or unlocked?

I think the whole issue is that the car was not locked, so no sentry footage. He got an alert about the trunk being open, but not about the car being unlocked (if that was the case).

When I first got my Tesla, I thought walk away lock was on by default. I wasn't locking my car for the first month and couldn't figure out why sentry never worked =/