How to defeat the Tesla thieves:
Tesla cars are very secure vehicles, but they do contain some attractive electronic components. Want the parts to make a 100kW Power Wall? A box of Tesla parts makes an ideal starting point. Tesla cars, just like legacy cars, have some common security vulnerabilities. Understanding the techniques thieves use and how to use the unique security updates we’ve received will not only help protect your pride and joy, but also help keep our (your) insurance premiums in check.
The “Swiss Cheese” approach to security:
It is important to understand that the best security policies involve multiple “layers”. Each layer has vulnerabilities or “holes”, so by implementing multiple “layers” we can block the holes more effectively. In practice this means enabling “PiN to Drive” AND switching off “Passive Entry”, as well as taking the other precautions discussed in this document.
The Internet Hack:
Problem: There was a case in the USA where a Tesla rental car was stolen by a previous renter. The renter managed to obtain the internet secure access token required to unlock and drive the car.
Solution: It is most important to have a very secure and unique “My Tesla” password. Never share passwords with other internet accounts (banks, online shops, Ashley Madison etc.): one gets hacked – they all get hacked! Choose a long password with upper and lower-case letters, numbers and special characters, and remember to treat it like your bank account password. Don’t log onto your account via any public Wi-Fi network: most are very insecure and rogue Wi-Fi access points can be present in public places (we had one at a London airport and there was the famous “Jet Blue Lounge Wi-Fi” case in the USA). Don’t let others know your password, and make sure you enable log-on security on your phone with a similar strength of password (but a different one!). Enable “Touch ID” or “Face ID” if you have it and set your phone to lock immediately you put it down. Take the same precautions with your computer’s log-on account and web browser password repository, only use trusted third-party “Password Manager” applications, and change your password on a regular basis just in case of an unknown third-party security breach.
The “Key Relay” Attack:
Problem: Just like other car brands, Tesla’s “Passive Entry” feature is a thief’s dream. By picking up and amplifying the Long-Wave radio signal emitted from the car and “relaying” this signal towards your keys, the thief can “activate” your key from a considerable distance and cause it to send the “unlock” and “drive” signals from your house, pocket or handbag, just as if you’d pressed the button on the key yourself. The signal from the key to the car has a range of about 100 meters!
Solution: Switch off the Passive Entry system on the touchscreen. This is a 100% fix for this issue, but it’s not a 100% fix for every theft technique.
Partial Solution: “Faraday Cage” bag. This solution works well enough, but it has a couple of significant flaws:
- It relies on a human action to put the key in the bag – humans forget – the day you forget will be the day you lose your car.
- It’s not a great solution for the away-from-home “relay attack”: as you walk into the supermarket, the thief relays your key’s radio signal to his friend standing next to your car.
However, I would recommend the Faraday Cage bag as an additional precaution as well as switching off passive entry, as it helps prevent copying of the passive RFID tag (used when the key battery is flat) buried within the key’s technology. Oh, and don’t forget about your spare keys! But be aware, RF shield bags are not perfect at blocking the key and car signal(s), they wear out with age and can potentially be overcome with more powerful key relay equipment.
There is only one manufacturer that offers a secure “Passive Entry” solution: the latest versions of the Jaguar E-PACE, I-PACE, Range Rover, and Land Rover Discovery models use a new technology called UWB (Ultra-Wide-Band). Land Rover are the only vehicle manufacturer using this technology. At the time of writing all other “Passive Entry” systems are vulnerable in some way.
Figure 1: The “Key Relay Attack”
The old-fashioned physical Key Thief:
Problem: The thief obtains your keys by pickpocketing, using a fishing-rod through your letterbox or by burgling your house.
Solution: Your car keys are like a £100,000 Tiffany Novo! Would you leave one of those on the hall table?
Solution: Enable the new “PiN to Drive” feature. Even if the thief has the keys in his possession, the PiN to Drive feature will make it more difficult for him to drive your car away. Make sure you use a secure PIN! No birthdays, no common key-pad patterns or diagonals, no repeating numbers, no 1984, 2001, etc.
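The PIN advice above, turned into a checker, as an added example that is not part of the original guide or of any Tesla software. It assumes a four-digit PIN and a phone-style keypad layout, reads 1984 and 2001 as years, and the rule names are illustrative.

```python
# Added example: flags four-digit PINs that match the weak patterns listed above.
# The keypad layout and the rule names are assumptions, not the car's own checks.
KEYPAD = {d: divmod(i, 3) for i, d in enumerate("123456789")}
KEYPAD["0"] = (3, 1)  # zero sits under the 8 on a phone-style keypad

def _repeated(pin):
    return len(set(pin)) <= 2  # 1111, 1212, 1122

def _sequential(pin):
    # Same +1 or -1 step between every pair of digits, wrapping 9 -> 0.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {9})  # 1234, 7890, 4321

def _year(pin):
    return 1900 <= int(pin) <= 2099  # 1984, 2001, birth years

def _date(pin):
    # Loose DDMM / MMDD test; it does not check days per month.
    a, b = int(pin[:2]), int(pin[2:])
    return (1 <= a <= 31 and 1 <= b <= 12) or (1 <= a <= 12 and 1 <= b <= 31)

def _keypad_walk(pin):
    # Every press lands on a key touching the previous one, diagonals included.
    for a, b in zip(pin, pin[1:]):
        (r1, c1), (r2, c2) = KEYPAD[a], KEYPAD[b]
        if max(abs(r1 - r2), abs(c1 - c2)) != 1:
            return False
    return True

RULES = [("repeated digits", _repeated), ("sequential digits", _sequential),
         ("year", _year), ("date (DDMM or MMDD)", _date),
         ("keypad walk", _keypad_walk)]

def weak_pin_reasons(pin):
    """Return the name of every weak-PIN rule the candidate PIN matches."""
    if len(pin) != 4 or not (pin.isascii() and pin.isdigit()):
        raise ValueError("expected exactly four digits")
    return [name for name, rule in RULES if rule(pin)]

if __name__ == "__main__":
    for candidate in ("1984", "2580", "1111", "7392"):  # constructed samples
        print(candidate, weak_pin_reasons(candidate) or "no rule matched")
```

A PIN that returns an empty list has only passed these pattern rules; it still needs to be one you have not used anywhere else.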
The Remote Intercept or Jamming Attack:
Problem: Every time you lock or open your Model S, your key sends a UHF radio signal to the car to perform the action. (Note: Other Tesla cars use Bluetooth). The thief sits somewhere locally and “records” this signal for analysis and re-use later on, or “jams” the signal to prevent the car being locked in the first place.
Solution: All we can do here is minimise the risk:
- Don’t use the key to lock your car – no key signal means no signal to intercept or jam. Make sure your car has the “walk away door lock” feature activated so it automatically locks.
- Don’t use your key to unlock your car whilst at home; use the phone app. Again, no key signal means there is no possibility of capturing the unlock signal.
- Switch on the car’s “PiN to Drive” feature and use a secure PIN number.
- Tesla has upgraded the key cypher technology on the very latest cars; this upgrade is now offered to older Model S cars (Model X, 3 and Y do not currently require this upgrade as they use different technology).
- Ensure you regularly update the software on your V2 keys (it’s covered in the manual if it applies to your vehicle)
The Key Copy Hack:
Problem: The thief gets close to your keys and copies the passive (emergency entry) RFID tag built into your key. Remember that your local locksmith has the kit to duplicate most car keys! This applies to ALL Tesla cars.
Solution: This is a most difficult hack to prevent. All you can do is keep your keys close to you, don’t give them to tyre fitters, valet parking companies or car wash outfits, and do enable “PiN to Drive”. If you have an older Model S, then consider upgrading the keys to the V2 keys that offer far better protection against cloning.
In summary: If you don’t know who they are, don’t let them have access to your keys.
Deter the Determined Thief:
Solution 1: If you have a habit of leaving your car for long periods or at places like airport car parks, consider adding a quality mechanical steering lock. The Thatcham Category 3 approved “Disk Lok” is one of the best out there and provides an additional visual deterrent.
Solution 2: Smart Water. At the very least, the sticker is a great deterrent to professional thieves who strip cars for resale parts. It leaves an invisible DNA on every car component that the police can use to trace stolen parts back to the rightful owner and can provide important evidence in court. There is a special Tesla Owners UK price of £15 for a DIY kit and for £25 there is a version for your valuables within your home.
When All Else Fails:
A tracker unit with a recovery service can help recover your vehicle, with the possible additional satisfaction of seeing the thieves have their day in court. Tesla Owners UK has a discounted group buy arrangement with “Can Track”; their tiny five-year lithium battery operated units can be easily hidden and do not depend on or interfere with the vehicle electronics. The trick here is to hide the tracker unit in a component that would not normally be dismantled and consider adding a “decoy” unit in a more obvious place, like behind a door card, which will certainly be discovered during the dismantling process.