Tesla cars are very secure vehicles, but they do contain some attractive electronic components. Want the parts to make a 100kWh Powerwall? A box of Tesla parts makes an ideal starting point. Tesla cars, just like legacy cars, have some common security vulnerabilities. Understanding the techniques thieves use and how to use the unique security updates we’ve received will not only help protect your pride and joy, but also help keep our (your) insurance premiums in check.
The “Swiss Cheese” approach to security:
It is important to understand that the best security policies involve multiple “layers”. Each layer has vulnerabilities or “holes”, so by implementing multiple “layers” we can block the holes more effectively. In practice, this means enabling Pin2Drive (all cars), switching off “Passive Entry” (Model S/X or 3/Y with physical key) AND enabling MFA/2FA, as well as taking the other precautions discussed in the text of this document.
The Internet Hack: (All cars)
Problem: There was a case in the USA where a Tesla rental car was stolen by a previous renter. The renter obtained an access token to the main driver’s account, which was the owner’s fault. That would have been prevented if the owner simply hadn’t given the renter direct access to the car and their account OR had just changed their password.
Second Problem: Your Tesla login details are the same as your <insert other website’s name> login details. This second website gets hacked and your login details are compromised, not only for that account but also for your Tesla account.
Solution: It is most important to have a very secure and unique “My Tesla” password. Never share passwords with other internet accounts, banks, online shops etc.; one gets hacked – they all get hacked! Choose a long password with upper and lower-case letters, numbers and special characters, and remember to treat it like your bank account password. Don’t log onto your account via any public Wi-Fi network (most are very insecure and rogue Wi-Fi access points can be present in public places; we had one at a London airport and there was the famous “Jet Blue Lounge Wi-Fi” case in the USA). Don’t let others know your password, and make sure you enable log-on security on your phone with a similar strength of password (but a different one!). Enable “Touch ID” or “Face ID” if you have it and set your phone to lock as soon as you put it down. Take the same precautions with your computer’s log-on account and web browser password repository, only use trusted third-party “Password Manager” applications, and change your password on a regular basis just in case of an unknown third-party security breach. Turn on MFA (2FA) within your Tesla account. This further secures your account by requiring a secondary ‘passcode’, similar to how your bank may require you to enter a code from a dedicated card reader when making a new bank transfer for the first time. You can use a password manager or apps such as Google Authenticator to provide you with this additional passcode, which you enter after entering your email and password when logging in to the app or Tesla website.
The “Key Relay” Attack / ‘Man in the Middle Attack’ (Physical Key Fob)
Problem: Just like other car brands, Tesla’s “Passive Entry” feature (found on Model S/X and Model 3/Y with the optional physical key) is a thief’s dream. By picking up and amplifying the Long-Wave radio signal emitted from the car and “relaying” this signal towards your keys, the thief can “activate” your key from a considerable distance and cause it to send the “unlock” and “drive” signals from your house, pocket or handbag, just as if you’d pressed the button on the key yourself. The signal from the key to the car has a range of about 100 meters!
Solution: Switch off the Passive Entry system on the touchscreen. This is a 100% fix for this issue, but it’s not a 100% fix for every theft technique.
Partial Solution: “Faraday Cage” bag. This solution works well enough, but it has a couple of significant flaws:
- It relies on a human action to put the key in the bag / box – humans forget – the day you forget will be the day you lose your car.
- It’s not a great solution for the away-from-home “relay attack”: as you walk into the supermarket, the thief relays your key’s radio signal to his friend standing next to your car.
However, I would recommend the Faraday Cage bag as an additional precaution alongside switching off passive entry, as it helps prevent copying of the passive RFID tag (used when the key battery is flat) buried within the key’s technology. Oh, and don’t forget about your spare keys! But be aware that RF shield bags are not perfect at blocking the key and car signal(s); they wear out with age and can potentially be overcome with more powerful key relay equipment. You may find a metal container box does the same job, but be sure to check it regularly to ensure it works as expected.
There is only one manufacturer that offers a secure “Passive Entry” solution: the latest versions of the Jaguar E-PACE, I-PACE, Range Rover, and Land Rover Discovery models use a new technology called UWB (Ultra-Wide-Band). Land-Rover are the only vehicle manufacturer using this technology. At the time of writing all other “Passive Entry” systems are vulnerable in some way.
Figure 1 – The “Key Relay Attack”
The old-fashioned physical Key Thief (Physical Key Fob + Key Card):
Problem: The thief obtains your keys by pickpocketing, using a fishing rod through your letterbox or by burgling your house.
Solution: Your car keys are like a £100,000 Tiffany Novo! Would you leave one of those on the hall table?
Solution: Enable the new “Pin to Drive” feature. Even if the thief has the keys in his possession, the Pin to Drive feature will make it more difficult for him to drive your car away. Make sure you use a secure PIN! No birthdays, no common key-pad patterns or diagonals, no repeating numbers, and no 1984, 2001, etc.
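The PIN rules above can be checked mechanically. The following Python script is an added example, not Tesla’s code and not part of the original article; it assumes a 4-digit PIN and a standard phone-style keypad layout, and its function names and sample PINs are made up for illustration.

```python
# Added example: screen a Pin to Drive candidate against the weak-PIN rules above.
# Assumptions: 4-digit PIN; standard keypad layout (1-2-3 on top, 0 below 8).
from itertools import product

KEYPAD = {d: divmod(i, 3) for i, d in enumerate("123456789")}
KEYPAD["0"] = (3, 1)


def _adjacent(a, b):
    """True if keys a and b touch on the keypad (side by side or diagonally)."""
    (r1, c1), (r2, c2) = KEYPAD[a], KEYPAD[b]
    return a != b and abs(r1 - r2) <= 1 and abs(c1 - c2) <= 1


def pin_weaknesses(pin):
    """Return the reasons a 4-digit PIN is easy to guess (empty list = none found)."""
    if not (len(pin) == 4 and pin.isascii() and pin.isdigit()):
        raise ValueError("PIN must be exactly 4 digits")
    reasons = []
    hi, lo = int(pin[:2]), int(pin[2:])
    if (1 <= hi <= 31 and 1 <= lo <= 12) or (1 <= hi <= 12 and 1 <= lo <= 31):
        reasons.append("reads as a date (DDMM or MMDD)")
    if 1900 <= int(pin) <= 2099:
        reasons.append("reads as a year")
    if len(set(pin)) <= 2:
        reasons.append("repeating digits")
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {-1}):
        reasons.append("counting sequence")
    if all(_adjacent(a, b) for a, b in zip(pin, pin[1:])):
        reasons.append("keypad pattern (line, diagonal or walk)")
    return reasons


def strong_pin_count():
    """How many of the 10,000 possible PINs pass every check."""
    return sum(not pin_weaknesses("".join(p)) for p in product("0123456789", repeat=4))


if __name__ == "__main__":
    for candidate in ("1984", "2580", "1212", "4321", "8306"):  # constructed samples
        print(candidate, pin_weaknesses(candidate) or "no common pattern found")
    print("PINs left after screening:", strong_pin_count())
```

Most of the 10,000 combinations survive these checks, so avoiding the obvious patterns costs very little in choice.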
The Bluetooth Key Relay Attack (Bluetooth Phone Key)
Similar to the ‘Key Relay Attack’ above, this fairly new exploit (2022) allows someone with $100 worth of equipment and the knowledge to exploit a weakness in the Bluetooth Low Energy standard to unlock your car if your phone’s Bluetooth is on and they can get close enough to that signal, with a second person close to your car.
Solution: Automate the Bluetooth on your phone to turn off overnight (via Apple Shortcuts Automations, Samsung Bixby Routines and Google Android Tasker), e.g. at 11pm turn off Bluetooth + at 6am turn on Bluetooth OR at ‘Bedtime Routine’ turn off Bluetooth etc.
The Key Copy Hack (Physical Key Fob + Key Card):
Problem: The thief gets close to your keys and copies the passive (emergency entry) RFID tag built into your key. Remember that your local locksmith has the kit to duplicate most car keys! This applies to ALL Tesla cars. This takes approximately 15 seconds to complete.
Solution: This is a most difficult hack to prevent. All you can do is keep your keys close to you, don’t give them to tyre fitters, valet parking companies or car wash outfits, and do enable “PiN to drive”. If you have an older Model S, then consider upgrading the keys to the V2 keys that offer far better protection against cloning.
In summary: If you don’t know who they are, don’t let them have access to your keys.
The New Key Hack:
It would seem there is a fairly new (2022) hack which requires physical access (at least within Model S) to the inside of the cabin and networking cables within the car. This hack seems to take a good 30+ minutes, so most likely the thieves will get caught in the middle of doing the work, but it appears that they can re-programme a new key to the car and disable Pin-To-Drive.
Solution: No known method to stop this hack, other than the Swiss army approach of maximising the number of things that deter a thief (see below).
The Remote Intercept or Jamming Attack (Physical Key Fob):
There has been no evidence of Remote Intercept attacks taking place in the UK.
Problem: Every time you lock or open your Model S/X, your key sends a UHF radio signal to the car to perform the action. (Note: Other Tesla cars use Bluetooth). The thief sits somewhere locally and “records” this signal for analysis and re-use later on, or “jams” the signal to prevent the car being locked in the first place.
Solution: All we can do here is minimise the risk:
- Don’t use the key to lock your car – no key signal means no signal to intercept or jam. Make sure your car has the “walk away door lock” feature activated so it automatically locks.
- Don’t use your key to unlock your car whilst at home, use the phone app. Again, no signal to intercept means there is no possibility of capturing the unlock signal.
- Switch on the car’s “PiN to drive” feature and use a secure PIN number.
- Tesla has upgraded the key cypher technology on the very latest cars, this upgrade is now offered to older Model S cars (Model X, 3 and Y do not currently require this upgrade as they use different technology).
- Ensure you regularly update the software on your V2 keys (it’s covered in the manual if it applies to your vehicle)
Deter the Determined Thief:
- Solution 1: Install several Apple Air Tags or Tile Pro – They’re cheap and have helped to track thieves in the past, there are some great places to hide these within your car (just remember to set a reminder to check the batteries every year).
- Solution 2: If you have a habit of leaving your car for long periods (in vulnerable positions) consider adding a quality mechanical steering lock. The Thatcham Category 3 approved “Disk Lok” is one of the best out there and provides an additional visual deterrent.
- Solution 3: Smart Water. At the very least the sticker is a great deterrent to professional thieves who strip cars to resell parts. It leaves an invisible DNA on every car component that the police can use to trace stolen parts back to the rightful owner and can provide important evidence in court. There is a special Tesla Owners UK price of £15 for a DIY kit and for £25 there is a version for your valuables within your home.
- Solution 4: A tracker unit with a recovery service can help recover your vehicle with the possible additional satisfaction of seeing them have their day in court. Visit our supplier directory or discount code page to find a supplier that can help install for you. The trick here is to hide the tracker unit in a component that would not normally be dismantled and consider adding a “decoy” unit, in a more obvious place, like behind a door card which will certainly be discovered during the dismantling process.
- Solution 5: Improve your own home security by installing wired CCTV at home (ideally, with some at no higher than head height near the cars) and suitable outside lighting. Install electric gates/bollards if possible, consider a gravel driveway (this makes a noise), and be cautious of any large shrubs near the car as these can be good hiding spots out of view from CCTV etc.
- Solution 6: Be careful what you put on social media (e.g. showing that you’re away from home)
- Solution 7: Become best friends with your neighbours so they can look out for your home/car etc.
- Solution 8: Always plug your car in (every single time without fail). This would slow down any thief by 10-60 seconds, which could mean the difference between getting caught and not!