
Tesla Model 3 Stolen from Mall of America Using Smartphone - tomohawk
http://www.thedrive.com/tech/23599/tesla-stolen-from-mall-of-america-using-only-a-smartphone
======
jandrese
Like most "hacking" instances in real life this was an exploit of the service
desk. He called Tesla support and had the VIN (easily readable through the
windshield as required by law) added to his account so he could use the app on
his phone to access the car.

This seems like a big security hole, but it puts a giant arrow on the thief
that lets them be caught easily. It's a trap for dumb thieves. Basically only
good for going for a joyride.

Tesla definitely needs to harden their support desk however, because that's
just embarrassingly bad.

~~~
hughes
So the "hacking" part was convincing a support agent to give him access, and
the "with a smartphone" part was using the phone to talk to the agent?

~~~
EthanHeilman
> "hacking"

Whatever gets you access.

> "with a smartphone"

The smartphone was both used to talk to the agent and also, once authorized,
to unlock and turn on the car. See below:

"The person allegedly responsible for taking the car is believed to have
reached out to Tesla's customer support to add the stolen Model 3 to his Tesla
account by its vehicle identification number. Once the vehicle was accessible
on a smartphone that was signed into this person’s account, he was reportedly
able to unlock the car and drive away without ever needing a key."

~~~
stcredzero
> >"hacking"

> Whatever gets you access.

Social Engineering.

------
jplayer01
Clever, but the same case shows the difficulty of getting away with it, even
if you _are_ able to steal a Tesla. He was tracked by his use of the
supercharging network, which allowed law enforcement to find and arrest him a
few days later.

~~~
Alupis
Could he not have just charged without using the superchargers?

~~~
jplayer01
Who's going to use a Tesla without superchargers? At some point, somebody
will.

~~~
Alupis
> Who's going to use a Tesla without superchargers?

Well, if you stole the car, and now everyone is aware this is a way to track
them...

~~~
jplayer01
Most people who steal cars either chop them up for parts or sell them. What do
you think the new owner is going to do? Live without superchargers?

~~~
Alupis
> What do you think the new owner is going to do? Live without superchargers?

Why not? Plenty of folks with electric vehicles charge at home and such.

I agree it's usually to chop or sell - in this kid's case though, he was
probably planning on keeping it.

------
SEJeff
There is a new feature called "Pin To Drive" which would have likely foiled
most of this "attack".

https://electrek.co/2018/08/29/tesla-new-security-cryptography-pin-to-drive-feature/

I strongly encourage anyone with a Tesla (I have a Model 3) to enable Pin to
Drive:

    Controls > Safety and Security > PIN to Drive

~~~
driverdan
It's a rental car. They're not going to add a PIN.

------
jiveturkey
> without ever needing a key

That's disingenuous and the author knows it. Just prior they state that the
thief had to call in to Tesla to get authorized.

~~~
tux1968
They mean without a traditional physical key.

~~~
jiveturkey
Yes, but there's no difference in this case between a traditional key and an
electronic key. A key, of some sort, was required.

He didn't do some fancy hack of the car as if he could walk up to any Tesla
anywhere and steal it.

~~~
jstarfish
It seems that by your logic, any bypass of a car's authentication system
functions as a surrogate key.

Punching out an ignition column with a screwdriver and jumping wires is no
more having a key than calling customer service and fooling them into
transferring remote control to you. In all cases, you don't have what is
commonly understood to be "a key," yet you leave with what you came for.

The common vernacular has an accepted definition of what it means to require a
key to do something. Given that this is a criminal matter, you'd have a hard
time convincing a jury of yokels to share your understanding.

~~~
jiveturkey
He didn't (locally) bypass the car's authentication system.

As far as the car is concerned, he used a proper key.

I'm not sure what your comment about a jury of yokels refers to. I clearly do
not mean that he didn't actually steal the car. It doesn't matter if that was
with a key or not.

"without a key" is clearly meant to imply that he walked right up. But what he
actually did is the equivalent of copying an existing key. IOW, he had a "key"
made.

~~~
jstarfish
To be clear, I do think your point/distinction is valid in a technical sense,
but not relevant to explanation of the crime.

He walked right up, made a phone call and Tesla support literally handed him
the car. What encrypted bits got shuffled around to make this happen are
secondary to the fact that he did steal the car (and yes, had Tesla fabricate
an ethereal key) using nothing but his phone.

------
neuralRiot
> ... enabling the convenience of driving using only one's phone is a luxury
which most people have yet to experience just how insanely convenient it can
be.

Imagine the inconvenience of having to pull out the key like if it was the
20th century. This is idiotic as now you have the added problem that your car
will be stolen for using "password" as a password.

------
maerF0x0
Before luddites get in arms about "This would never happen with normal keys"
... Nothing stopping someone from making a copy of the keys _after renting the
car_ and coming back later to use them.

~~~
jiveturkey
Well, yes there is. Many if not most new cars require the _ECU_ to be
programmed to accept a new key. That's how typical theft deterrence works
today. You must also have possession of all keys to be programmed. You can't
just add a key and leave the others in place.

~~~
grecy
> _You must also have possession of all keys to be programmed. You can't just
> add a key and leave the others in place._

Sure, if you do it at the dealer.

Find someone with a programmer and they can add a key without having the other
keys - I've done it myself on my own vehicle.

~~~
neuralRiot
Depends on the car, newer models need a special authorization to access
security-related ECUs.

~~~
grecy
Officially, yes, but virtually all of them have a bypass programmer ~6 months
after the vehicle is released.

