
Whoa! Come on tesla!

I don't know if it's changed, but when I got my 3 last year the RFID was required to be used to pair a phone for the purposes of using the BT-based lock related controls, just wasn't needed for pairing as a BT media device. I'm not sure how much of the functions of the app are using the BT-based stuff that requires RFID to pair vs just via the API using your credentials though.
 
Wrong. You WILL be fooled into entering your "good password"
into spoofed login screens, he just showed you how. All it takes is
a laptop and some know-how. The more dependent we are on
wireless technologies, the more insanely insecure we are. If we
went back to hardwired ethernet, in this case say with ports at
the supercharger, it would be much more secure. But then
people would up the ante by tapping the wiring and we're
almost back to square 1. The inescapable flaw is the use of
public or shared networking. The very thing that makes the
digital world go around.

Many years ago, banks and critical infrastructure would only
use dedicated point to point communications. Private networks
and little synchronized devices that generated random passwords
every few seconds. I worked in that environment, it was secure,
and it was very inconvenient. Then the greater convenience of
the public won out, and we let our guard down, way too much.

Insurance covers a lot of losses every day, that's how we deal
with it at the moment. Unauthorized credit card charges, lost
cars, hacked burglar alarms, you name it. Every day.

In Russia, and countries near Russia, they know the danger.
You cannot make a banking transaction without sending back
a one time code that the bank texts to your phone. Password
entry screens never request a full password, only a few characters
picked at random from your long password, so if the line is
monitored, they only get a portion of your password. That's for
openers. The security steps are a nuisance, but it helps in
a world where a lot of people are smart and hungry.

Tesla will introduce some additional security, it will be less
convenient, and it will reduce the chances of losing your car,
to some degree, for a while.

We are trusting people. We have never weighed the complete
vulnerability of a society that puts valuable or important things
under control of shared networks. The convenience is great,
the potential damages are beyond our imagination. Some day
the Big Lesson will be stunning.

But people seem more invested in denial, look at the preview in the 2016 election.
Dude, chill. It's not the end of the F'ing world. Hell, you should sell me your car right now before it gets stolen. Or better yet, I'll just drive by and pick it up myself since it's so easy.
 
I’m not watching a Ben Sullens video.
LOL.....ahhhh ok, then continue to make off the hip comments that don't really apply because you are operating with half the info and therefore talking out your a$$. Great job!! Well done you!

Edit....don't know why you disagree Tom Edison, you made a comment without watching the darn video that directly addressed your comment.......The real Thomas Edison would have performed the necessary research......of course Tesla and Edison were bitter rivals....hhhhhmmmmm
 
Oh wow, I assumed actual access to the car would require the initial pairing with one of the car cards. If the only real security is owners being savvy with password management, there are going to be a lot of easy targets.

No. All the access within the app that works when you are away from the car... works with the password.

Just don't share your password. Don't leave it in the car. Do not use the same password for multiple sites. Do not access random WiFi access points to "save phone data". Perhaps the "free charging" set is more likely to connect to random WiFi?

Yes, I'm all for 2FA. But it doesn't solve this problem. Makes it better, but doesn't solve.

More importantly, note that most cars can be towed in 45 seconds. In the big scheme of things, this isn't the end of the world.
 
Are 3rd party apps completely safe?
They require my Tesla account info.

You are giving someone the ability to track down, unlock, and start your car.

Safe? No

Reasonable risk? That's up to you. I use one of them. Heck, having a 3rd party app trailing your car might help if it gets stolen.

Ever use a 3rd party browser? May not be safe. Use a WiFi access point at the airport, hotel, etc? May not be safe. All risk choices.

Edit: One of my favorite WiFi names I see at a place I frequent "FBI Surveillance Van #22"
 
I watched the video, and as a disclaimer I have to admit I watched other videos from the same person in the past and I found them very interesting.

This one looks to me like a long commercial for a VPN.
At the beginning of the video he says the video is sponsored by a VPN.
During the video he talks about the dangers of having the man in the middle, protect data, anybody can steal your car etc...
At the end he makes a commercial for a VPN.

So basically it's a long commercial video disguised as a YouTube video on the safety of the Tesla app and Model 3.

Disappointed
 
I look at this kind of issue differently. I just need to be more secure than most people, which is a wonderfully low bar.

1. I use a password manager, so every service has a different password - as long as the service allows (but some banks are notoriously crappy about having things like 12 character max limits).

2. Whenever possible, I use OTP. It’s a 2FA solution but much better than SMS texts for receiving a code. SMS is relatively easy to spoof and assign to a different device. Better than nothing, but probably doesn’t qualify as “secure”.

3. If I use any token-based services (TeslaFi, CarmIQ) then I only do it if a) I provide the token, not having the service log in on my behalf to obtain the token and b) I can expire the token.

Every piece of software security can be hacked or has exploits to be leveraged. Just don’t be the easiest target.
 