Welcome to Tesla Motors Club
Discuss Tesla's Model S, Model 3, Model X, Model Y, Cybertruck, Roadster and More.
I watched this video (and I dont normally watch videos online from people who post here that say "look at my video".)

To summarize what I saw:

1. the "compromised" state was brought about by phishing the users credentials, to generate a token.
2. Once credentials are stolen from the user, the person stealing the credentials can do everything that the user could do with those credentials, including unlocking the car, etcc.
3. How to prevent: Use strong passwords / dont share passwords

Bonus: An advertisement for penetration testing from your company in the middle of the video.

Did I miss anything?

EDIT: One thing that is important to consider, is that all the people who use tesla credentials "somewhere else" like teslafi, stats, etc all increase their risk of something like this, because those services could be compromised as well.

This was covered very well by one of our posters ( @camalaio )in the following thread, which also goes into some detail around this topic (but in text form instead of watching a video).

PSA: Don't use third-party apps and services, period.
Last edited:
The video (and the forum post itself) is nothing more than a thinly veiled attempt to hide the fact that its primary reason for existence is to pimp the promotion in the video for the author’s penetration testing company.

There is zero new information provided in the video, and pretty much every owner is already aware of everything stated in the video.

The lengths that people will go to to skirt forum rules about advertising products and services is really amazing.

Good thing I’m not a mod here. OP would be permanently banned.
As you mention, they did a good job of skirting the rules. The video isnt straight advertising, even if the information is pretty much "once you have a token you can do what the owner can do". It doesnt fall in the realm of breaking the forum rules for advertising, even though, at least in my opinion, its fairly clear that is what was actually happening.

So, we left it here, but I summarized the video for anyone who might have been confused with the clickbaity type thread title.

Happy medium there, I guess.
If I use the Tesla app to unlock/start my car, the pin-to-drive is disabled?? I thought that was the entire reason for that feature

The reason for pin-to-drive is that if they would get access to your car that they cannot drive away. For example, via a relay attach.

Remote start always needs to have either a fingerprint or password as authentication. When your phone gets stolen and you do not have a password on thieves still cannot "start" the car unless they would know the Tesla account password or chop of your finger for its biometrics :)