
Whoa! Come on tesla!

Use a WiFi access point at the airport, hotel, etc? May not be safe. All risk choices.



I Never, Never, Never sign on to any outside wifi's or hotspots. I watch my family members scramble for the wifi key every time we go to a Hotel or other place. I showed them the video last night, they got a huge dose of reality.

This goes way beyond the car, WAYYYY beyond. The car is replaceable, it's just an object that happens to be insured.

Your identity, social media, banking is all at risk all the time even being safe and not signing on to unknown wifi. That just adds an extra layer of "we gotcha" if you do sign on. The pineapple is in the backpack of the person at the library, coffee shop, hotel room next to yours, airport. The pineapple could virtually be everywhere you are.
 
Wait, I'm confused.

Why would you ever type in your tesla.com credentials anywhere other than the app or tesla.com?

Is there something special about supercharger locations that requires you to enter your credentials?

EDIT:

Note I'm not saying that 2FA is a bad thing. Tesla should definitely add it to your tesla.com account.

Because it would be made to look exactly like Tesla.com. Many (not all) people would be fooled into entering their password.

But even without this hack, for people who reuse their passwords, someone can just try to log into Tesla.com using publicly available lists of emails/passwords. Once they succeed, they can locate the car and steal it.

This is a very real security issue.
 
Because it would be made to look exactly like Tesla.com

Yes, everyone views their app, and my guess is they knock you off it and you have to sign back in, that's when it happens. We all view our app upon charging, don't we? Or certainly somewhere in the process of supercharging. I know I do every time without fail.

Ever been signed in to something like your bank and get knocked off? Now it makes you wonder. Now with facial recognition on iPhone and fingerprint ID on our phones this is harder, I would imagine, if this is how they get you to reinitiate.
 
Yes, everyone views their app, and my guess is they knock you off it and you have to sign back in, that's when it happens. We all view our app upon charging, don't we? Or certainly somewhere in the process of supercharging. I know I do every time without fail.

Ever been signed in to something like your bank and get knocked off? Now it makes you wonder. Now with facial recognition on iPhone and fingerprint ID on our phones this is harder, I would imagine, if this is how they get you to reinitiate.


The app isn't a web page- so this makes 0 sense.

A wifi hacker can't remotely spoof a local app on your phone.

(nor am I clear how you think they will "knock you off" your local app so you have to sign back in anyway)
 
The app isn't a web page- so this makes 0 sense.

A wifi hacker can't remotely spoof a local app on your phone.

(nor am I clear how you think they will "knock you off" your local app so you have to sign back in anyway)

Well, I am glad you know then. I have to sign in on occasion and it's selected "stay signed in". What do you think is happening when the app does that? Safe Travels. Getting knocked off is possible.
 
Is there a place I can read up the [accurate] technical details of this, instead? I dislike the stress generated by listening to the Teslanomics guy.

https://imnotsurewhattocallthis.files.wordpress.com/2011/10/stress-confusionchoke.gif


Already explained in this very thread multiple times. If you have their tesla login you can disable PIN to drive via the app, or simply use the tesla login IN PLACE OF a forgotten PIN in the car.

PIN to drive is totally useless if your tesla.com login is compromised.
 
Already explained in this very thread multiple times. If you have their tesla login you can disable PIN to drive via the app, or simply use the tesla login IN PLACE OF a forgotten PIN in the car.

PIN to drive is totally useless if your tesla.com login is compromised.
Thanks. So it is all based around phishing my Tesla account password by some other means? Yeah, I had always assumed giving up that would be bad. I don't use PIN to drive because "never valet, not even once", and it didn't strike me as adding much actual security value.

I had scanned down through the thread to try to figure out what the big deal was, and it wasn't being clearly spelled out. Just found a lot of dancing around it with stuff written with the assumption I'd watched the video rather than a sum-up. Which of course normally makes sense. :)

Another clickbait by Ben. *thumbsup*
 
The app isn't a web page- so this makes 0 sense.

A wifi hacker can't remotely spoof a local app on your phone.

(nor am I clear how you think they will "knock you off" your local app so you have to sign back in anyway)

True - but the vector here would be to spoof Tesla's service endpoints that the app talks to and use a MITM proxy. Luckily, all this is mitigated by a lot of clever handshaking between the App, Tesla's services, and the car. (see this: I decompiled the Tesla Android app and poked around a bit to try to figure out how the Model 3 phone key works : teslamotors )

Oh, also, WRT the safety of using your cell phone data plan instead of free wifi - there's always this: Stingray phone tracker - Wikipedia ... but Tesla's mobile app security wouldn't be compromised with this either.

I like Ben Sullen's videos, but this "dramatic reenactment" is not really realistic, IMHO.
 
I Never, Never, Never sign on to any outside wifi's or hotspots. I watch my family members scramble for the wifi key every time we go to a Hotel or other place. I showed them the video last night, they got a huge dose of reality.

This goes way beyond the car, WAYYYY beyond. The car is replaceable, it's just an object that happens to be insured.

Your identity, social media, banking is all at risk all the time even being safe and not signing on to unknown wifi. That just adds an extra layer of "we gotcha" if you do sign on. The pineapple is in the backpack of the person at the library, coffee shop, hotel room next to yours, airport. The pineapple could virtually be everywhere you are.

What about signing on via a browser on the mobile phone via LTE?
 
The obvious solution is to require a rectal scan to open the car.

Innovative solution! Care to volunteer?

I am having these bad images of this and the automatic Tesla charger. Buurrr

 
Well, I am glad you know then. I have to sign in on occasion and it's selected "stay signed in". What do you think is happening when the app does that? Safe Travels. Getting knocked off is possible.
That's not getting knocked off by some third party, that's having a token on your phone expire or having its IP address change so that the server no longer recognizes it as the one that it was supposed to remember.