[MinnVolt]

Just ran across this item - thought it might be interesting . . .

https://www.msn.com/en-us/autos/new...using-only-a-smartphone/ar-BBNl6dL?li=BBnb4R5

 

[lagagnon]

"The person allegedly responsible for taking the car is believed to have reached out to Tesla's customer support to add the stolen Model 3 to his Tesla account by its vehicle identification number."

This seems to be a classic example of a "social engineering" where the customer support/salesperson was duped/conned into divulging more details than should have been given given. Probably this is not a security loophole in Tesla's system, but rather like giving out your password or bank account details to some scammer claimed to be associated with you in some way....

 

[jcanoe]

The thief had the VIN because he had previously rented this exact M3 from this rental service. The rental service recognized the guy from the security camera images. The thief disabled the GPS, probably thought the M3 was then not able to be tracked. It would have been harder to catch the thief and recover the M3 but he was careless and used a SuperCharger in another state to recharge the stolen M3. The SuperCharger was able to pinpoint the exact location of the stolen M3, leading the police right to the vehicle.

 

[JRRF]

Typical stupid criminal scenario.

 

[Barry]

Not sure if this is true for Teslas, but on most cars, you can get the VIN by just walking up to the car and looking through the bottom of the windshield. Seems like this could possibly be a problem for things like the MyChevy app or whatever other car brands have that is equivalent, or for making duplicate keys. Not sure what other safeguards are in place in addition to using the VIN.

 

[Cord]

Still need a FOB to start and get out of park on a Volt and one FOB to make another.

I plan to move the start button to a SECRET location

 

[FI Spyder]

The weakest link in any computer security system is always the human.

 

[ItsNotAboutTheMoney]

Not sure if this is true for Teslas, but on most cars, you can get the VIN by just walking up to the car and looking through the bottom of the windshield. Seems like this could possibly be a problem for things like the MyChevy app or whatever other car brands have that is equivalent, or for making duplicate keys. Not sure what other safeguards are in place in addition to using the VIN.

Tesla has recently added "PIN to drive" in a software update. That was in fact added to help prevent thefts that have been using amplification of the fob signal, but would also help stop social engineering attacks. Tesla has a newer fob coming, including as an option for the Model 3, but the PIN will help in the meantime.

 

[jcanoe]

Tesla has recently added "PIN to drive" in a software update. That was in fact added to help prevent thefts that have been using amplification of the fob signal, but would also help stop social engineering attacks. Tesla has a newer fob coming, including as an option for the Model 3, but the PIN will help in the meantime.

Tesla added the PIN to drive capability to the Model S (MS) because early examples of the MS used a key fob that only used 40 bit encryption. This was inadequate as hackers proved they could generate all possible key code combinations just by intercepting two key fob transmissions between the fob and the MS. Later Model S, X use a more robust key fob encryption scheme.

The Model 3 is due to get a key fob based on owner feedback, the key card not being a satisfactory alternative to a fob.

It is possible that all vehicles with key fobs for entry and push button start may be able to be hacked using a key fob signal amplifier and repeater. In that case two factor authentication using a PIN to drive feature may become the standard for vehicle security.

Recently a neighbors Toyota Tundra truck was stolen. The truck had the remote key fob feature but not push button start. The owner stated that they had locked the truck on the day it was stolen. For the thief or thieves to be able to unlock and steal the truck they must have had a duplicate key or a master key.