Other person opening our car trunk accidentally

[Ruester]

Another Model 3 owner, had his identical Model 3 (same color & wheel covers as ours) parked 50 feet from our car. He walked up to OUR car and, with his cell phone app, successfully opened OUR trunk and OUR driver's side door. Fortunately we were walking just 30 feet behind him to witness it. I then tried opening his car door - to no avail) Has anyone else experienced this? and if so, any solutions?

 

[Ruester]

Did you happen to notice the brand of phone he had? If it was the same as yours (any of your paired phones), that might increase the odds of the Bluetooth addresses being accidentally duplicated at the factory, which might help explain this. If his phone happened to duplicate the Bluetooth address of a phone that's paired to your car and set up as a key, but that was not the phone you tried to use, then that might also explain why yours couldn't unlock his car. Another possible explanation for this point is if his phone lacked cell or WiFi service but yours had it (because of different carriers, for instance). In that case, given what @stopcrazypp and @father_of_6 say, it's possible that your phone didn't attempt to fall back to Bluetooth but the other Tesla owner's phone did.

In fact, a simple experiment seems worth doing, involving two friends with Teslas: Person A disables WiFi and cell service on their phone, approaches Person B's Tesla (within Bluetooth range), and uses Person A's phone's Tesla app to try to unlock the car, pop the trunk, open the charge port, etc. It's conceivable that this fallback for manual unlocking was written with much-too-lax security and will work on any Tesla, much like any Supercharger, Wall Connector, or Mobile Connector will open the charge port on any Tesla. If this is the case, it's a jaw-dropping security flaw, so I hope it's not what's happening.

Hmmm. Lots of possible causes. We’ll have to wait snd see what Tesla says. Thanks for your help!

 

[Ruester]

Hmmm. Lots of possible causes. We’ll have to wait snd see what Tesla says. Thanks for your help!

Also, I don’t know what brand of phone he had. Wish we’d taken more time to dive further into the situation, but we had to leave.

 

[Ruester]

If he was standing next to your car, that opens up the possibility he pressed the trunk button on the car previously before you were able to see (and it only working as you get in range, which may lead to confusion over what activated it). That would make a lot more sense than his app somehow gaining access to your car.

Hope that’s the case

 

[jjrandorin]

Hope that’s the case

You specifically said that the person used the app, though, going as far as saying specifically that the persons wife / significant other arms were full, and they.....

Fyi, his wife’s arms were full of packages and he popped our trunk open with his phone remotely.

Since you mentioned them opening your car with the app at least twice, I thought you confirmed that with them. Did you verify that they did what you said above (opened it remotely) which would be opening the app, taping controls, then clicking the trunk, or are you assuming thats what happened because they were holding their phone while tugging on your trunk handle?

 

[Ruester]

You specifically said that the person used the app, though, going as far as saying specifically that the persons wife / significant other arms were full, and they.....



Since you mentioned them opening your car with the app at least twice, I thought you confirmed that with them. Did you verify that they did what you said above (opened it remotely) which would be opening the app, taping controls, then clicking the trunk, or are you assuming thats what happened because they were holding their phone while tugging on your trunk handle?

Yes, we saw him approach our car with his phone in hand and open the driver-side door.

 

[jjrandorin]

Yes, we saw him approach our car with his phone in hand and open the driver-side door.

So, that means you didnt know whether they used the app to open it, or not, and didnt ask them, right? Sorry for being direct here but "someone else used their app to open my car" is a completely different accusation than "someone opened my trunk while I was nearby".

 

[stopcrazypp]

Yes, we saw him approach our car with his phone in hand and open the driver-side door.

There seems to be a lot of inconsistencies in your account. Him being able to open the driver side door is entirely expected functionality when your bluetooth is in range. I presumed you saw what appeared to be him opening the trunk with the app (without touching the car at all) and then he opened the driver side door afterwards, but that doesn't appear to be the case if you characterized it that way.

Can you lay out exactly what order of operations happened (from when you saw him). Like what things he touched on the car (like handle/trunk button/touchscreen), what buttons he pressed on the app (if you don't know please state so), where he was when he did the action (like next to the trunk, next to driver door, inside car etc), and in what order?

 

[Ruester]

Yes, we saw him approach our car with his phone in hand and open the driver-side door.

So, that means you didnt know whether they used the app to open it, or not, and didnt ask them, right? Sorry for being direct here but "someone else used their app to open my car" is a completely different accusation than "someone opened my trunk while I was nearby".

It must have been their app because we were not close enough that my phone was in play. He was not even touching our trunk or car when he opened it. Fyi, he was equally stunned when the trunk opened and he realized it was not his car.

 

[gearchruncher]

You should really try and find the person again. This would clearly be a bug, and Tesla has a bug bounty program that pays out up to $10K.
A simple video showing this occurring and then videos of the cell phone apps proving they are not attached to the same car would likely be all you need.

All the talk of identical Bluetooth addresses and such is misled. Even with the same bluetooth address, the car talks to the app which has it's own keys. This is why the app has to be running and connected to the car for it to start and why if you reset you phone you need to re-pair it to the car with the app.

 

[the_burninator]

Yes, we saw him approach our car with his phone in hand and open the driver-side door.

What is the relevance of their phone being in their hand? A phone can’t open your door. It can only unlock it.

Since you were close enough to see this happen, you were probably close enough that your car doors were unlocked due to your own phone’s proximity.

 

[Ruester]

You should really try and find the person again. This would clearly be a bug, and Tesla has a bug bounty program that pays out up to $10K.
A simple video showing this occurring and then videos of the cell phone apps proving they are not attached to the same car would likely be all you need.

All the talk of identical Bluetooth addresses and such is misled. Even with the same bluetooth address, the car talks to the app which has it's own keys. This is why the app has to be running and connected to the car for it to start and why if you reset you phone you need to re-pair it to the car with the app.

Thanks for your thoughts, but he was a stranger who we’ll never see again unfortunately. Wow, had not heard about the 10k!

 

[jjrandorin]

Good points, we’ll also try to talk with Tesla on this incident. Thank you!

Unless you are much more definitive about the actual use by the other person of the tesla APP to open your vehicle, you are likely going to be wasting your time trying to engage Tesla on this. They are going to say, probably with fewer words, some combination of what @stopcrazypp said, and what I said.

To summarize that, its:

1. Do you know definitively, that the other person used the tesla APP to open your vehicle (right now, the answer you have given to this question is "no, I dont know this, I thought they used the tesla app because they had their phone in their hand")

2. Is it possible that you and your phone were close enough to the vehicle for your phone to be connected via bluetooth, thus enabling the stranger to tap the trunk handle without you seeing them do so, opening it, while you were in range? " Right now, the answer you have given to this question is "yes this is possible".

Unless you can definitively say "I asked this individual if they used the tesla app to open my car and they said yes, and then demonstrated it to me again by using the tesla app to open my car", tesla is going to tell you " your car connected to your phone because you were close enough for it to do so, and they pulled on the handle at that time".

 

[Ruester]

Unless you are much more definitive about the actual use by the other person of the tesla APP to open your vehicle, you are likely going to be wasting your time trying to engage Tesla on this. They are going to say, probably with fewer words, some combination of what @stopcrazypp said, and what I said.

To summarize that, its:

1. Do you know definitively, that the other person used the tesla APP to open your vehicle (right now, the answer you have given to this question is "no, I dont know this, I thought they used the tesla app because they had their phone in their hand")

2. Is it possible that you and your phone were close enough to the vehicle for your phone to be connected via bluetooth, thus enabling the stranger to tap the trunk handle without you seeing the do so, opening it, while you were in range? " Right now, the answer you have given to this question is "yes this is possible".

Unless you can definitively say "I asked this individual if they used the tesla app to open my car and they said yes, and then demonstrated it to me again by using the tesla app to open my car", tesla is going to tell you " your car connected to your phone because you were close enough for it to do so, and they pulled on the handle at that time".

I get your points. Thank you.

 

[XPsionic]

It must have been their app because we were not close enough that my phone was in play. He was not even touching our trunk or car when he opened it. Fyi, he was equally stunned when the trunk opened and he realized it was not his car.

So you heard your Tesla do the locking honk and the mirrors are folded up? Then he used his phone app to open the trunk and got in the driver's door?
This makes me wanna go around with wifi/data off and BT on and see how many Teslas I could open up with my app, lol.

 

[MP3Mike]

Any chance your car was originally delivered to the other person and they setup their phone as a key on it? Any unknown keys listed in your car?

 

[Ruester]

Any chance your car was originally delivered to the other person and they setup their phone as a key on it? Any unknown keys listed in your car?

Zero chance of that.

 

[rsharman]

Or perhaps your car wasn't actually locked? For example, walk away lock was turned off, or there was another phone left in the car keeping it unlocked.

 

[drtimhill]

Another Model 3 owner, had his identical Model 3 (same color & wheel covers as ours) parked 50 feet from our car. He walked up to OUR car and, with his cell phone app, successfully opened OUR trunk and OUR driver's side door. Fortunately we were walking just 30 feet behind him to witness it. I then tried opening his car door - to no avail) Has anyone else experienced this? and if so, any solutions?

Do you mean he unlocked it or just opened it with his hands? If you were that close its possible the car had already been unlocked by your phone?

 

[drtimhill]

Also, I don’t know what brand of phone he had. Wish we’d taken more time to dive further into the situation, but we had to leave.

If it was indeed a duplicate BT address then the phone brand doesnt matter. However, the chances of this are VERY low, unless Tesla made a HUGE batch of cars with the same BT address, since you are talking about you just HAPPEN to be parked next to the specific car that has that same BT address, AND the driver tried to open his car JUST as you were walking up. And even then, the BT mechanism used to communicate and unlock the car uses security protocols that the other phone would not be able to access.

 

[Ruester]

If it was indeed a duplicate BT address then the phone brand doesnt matter. However, the chances of this are VERY low, unless Tesla made a HUGE batch of cars with the same BT address, since you are talking about you just HAPPEN to be parked next to the specific car that has that same BT address, AND the driver tried to open his car JUST as you were walking up. And even then, the BT mechanism used to communicate and unlock the car uses security protocols that the other phone would not be able to access.

Thanks to you and everyone else for all your responses. I’m closing up this thread for now. If I do find something definitive, I’ll post it. There’s a slim chance we might even see the other driver again.
Also, this experience reinforces the benefit of having a PIN code, which we’d already set up.