
Tesla hacked and stolen (video)

Is this real? If so, I'm nervous about my purchase. Obviously, there are a series of events that need to occur. I don't think I would ever download an unknown app for a free burger, but I might unknowingly download something as hackers continue to get more savvy at getting us to click on stuff. Anyone know if this issue has been addressed by TM? Sorry if this has already been addressed, I can't search this site to find any previous threads about it.

https://youtube/5jQAX4540hA
 
Tesla Norway has commented on it, and they said that the bug is not in the Tesla app but in the Android system, where an app could get control over other apps. If you don't have an Android you shouldn't need to worry, and according to this article it has been solved in the last version of Android, so if you have an Android you should update your phone.

Hackers show how to steal a Tesla with a hack that has nothing to do with Tesla…
 
As vigge50 says, this isn't a weakness in anything that Tesla has control over.

In the car you can turn remote access on or off. If you decide to have it on, then you need to understand that your phone now has limited control over the car. Just like other apps on it may allow access to your bank account, stock broker account, cameras in your house, electronic lock on your front door, thermostat and many other things.

So make sure your phone has a strong passcode, is encrypted, has remote-wipe enabled, and don't install apps from untrusted sources.
 
Frankly, Tesla really needs more granularity in their remote control security settings. I am always astonished they haven't implemented anything more than an on/off switch inside the car for this.

Even one extra, sort of middle ground setting, would go a long way in alleviating these concerns. On this setting the car could allow e.g. setting climate, honking the horn or blinking the lights, seeing the data - the usual parking lot things - but deny opening doors or starting the car (and deny changing these settings unless the key is inside the car, so breaking a window still won't let you drive away).

As long as the penalty for more security is the inability to use any of these useful remote settings, few people are willing to turn remote off and the risk of something bad happening remains high.
 
Is this real? If so, I'm nervous about my purchase. Obviously, there are a series of events that need to occur. I don't think I would ever download an unknown app for a free burger, but I might unknowingly download something as hackers continue to get more savvy at getting us to click on stuff. Anyone know if this issue has been addressed by TM? Sorry if this has already been addressed, I can't search this site to find any previous threads about it.

https://youtube/5jQAX4540hA

It's real, and out of Tesla's control. Notice that they needed four things, though:

First, they needed a compromised app installed in the phone. I'm pretty sure that the reviews Apple and Google do would keep such an App out of the app stores.

Second, they needed to find and exploit a hole in the phone's operating system so the compromised app can read data from other apps.

Third, they needed the phone to be operating on a compromised Wi-Fi network, so the compromised app could send the data.

Fourth, they needed the user to actually enter the username and password to Tesla, instead of using the token the user got in some prior session like most of us do most days.

There's not much you can do about gaps in the OS except install updates promptly when offered, but the rest are entirely avoidable - don't install random apps outside the secure structure, don't send any data from unknown Wi-Fi, and if you're on unfamiliar Wi-Fi, don't log in to anywhere secure, including the phone app.

Even though the exploit shown doesn't involve any bugs on Tesla's side, there are a few things Tesla could do to make it more secure - the granular permissions someone mentioned above, two factor identification of the device making the request, or even requiring biometric verification for some of the actions since I think nearly all current generation phones have a fingerprint reader. (Any or all of these could be made into options selected by an authenticated user or hard requirements.)
 
Even though the exploit shown doesn't involve any bugs on Tesla's side, there are a few things Tesla could do to make it more secure - the granular permissions someone mentioned above, two factor identification of the device making the request, or even requiring biometric verification for some of the actions since I think nearly all current generation phones have a fingerprint reader. (Any or all of these could be made into options selected by an authenticated user or hard requirements.)

Good additional ideas.

Given how little Tesla has done in the domain (while adding outrageous things like being able to start the car from the app without any additional security), I'd be hesitant to say anything is "out of Tesla's control". There is so much more they could do first... (I get it that a specific Android-related vulnerability is technically out of Tesla's control, but not really in practical terms. Tesla could do a lot to stop it.)
 
Third, they needed the phone to be operating on a compromised Wi-Fi network, so the compromised app could send the data.

Exactly. Get a better data plan and stop connecting to that "FREE" WiFi at the mall. Hackers love to draw you in by using the word "free" in the WiFi description. If you see that in the list of available WiFi options, then it's probably a hacker. It's a growing problem that is getting worse by the day.

Be smart so that your Tesla, your passwords, your bank account, credit cards and everything else connected to your phone (literally everything) won't get stolen.

This is somewhat old news. Here's a 2015 story on it...

Hackers set up fake Wi-Fi hotspots to steal your information
 
"If you are driving a Tesla and it's stolen, is it now called an Edison?"
Credit to the comments section of that YouTube video.

Is this real? If so, I'm nervous about my purchase.

Seriously? If your car gets hacked and stolen I think you'd be the first. If you get it and accidentally total it, you'd join the ranks of many. But both ways, you'd have insurance - so why be nervous? I'm more nervous about a potential crash than the hack, and Tesla protects you extraordinarily well that way.
 
Seriously? If your car gets hacked and stolen I think you'd be the first. If you get it and accidentally total it, you'd join the ranks of many. But both ways, you'd have insurance - so why be nervous? I'm more nervous about a potential crash than the hack, and Tesla protects you extraordinarily well that way.

I believe there have been one or two potential hack and steal cases reported in, was it Germany? I understand in those cases the passwords were brute forced open or somesuch.

There really is very little in terms of protections in the system itself. Simple on/off switch in the car and an old fashioned username/password in the app.

More granularity in the car's security settings and multi-factor authentication with revocable certificates are definitely needed to bring it up to date. Until then, keeping remote control off is a valid suggestion, IMO.