Tesla Model 3 Stolen Using a Smartphone and Social Engineering

Discussion in 'HardForum Tech News' started by cageymaru, Sep 17, 2018.

  1. cageymaru

    cageymaru [H]ard as it Gets

    Hot on the heels of the revelation that security researchers can steal a Tesla in less than 30 seconds with $600 in parts, a 21-year-old has stolen a Tesla Model 3 using just a smartphone and his wits. The car in this case was a rental car that had been previously rented by the suspect. One of the "cool" features of Tesla ownership is being able to start the car with just smartphone authentication. Because the suspect in this case had previously rented the car, he was able to socially engineer the Tesla support agent into reinstating his smartphone authentication onto the vehicle. Then he disabled the GPS tracking on the vehicle and took a cross-country trip in the stolen car. He was arrested 2 days later in Waco, TX after being tracked using the Tesla Supercharger stations in various states.

    Computer forensics specialist Mark Lanterman commented on the case and said that he believes the suspected thief was able to make Tesla add the vehicle on his Tesla account: "What it sounds like this person may have done is convince Tesla to take the VIN number of that vehicle and add it to his Tesla account. By doing that, you can do that with a phone call. By doing that, you can now control the Tesla from an app on your phone." Tesla sometimes does that for Tesla owners with loaner vehicles to enable the features of the mobile app, like unlocking and starting the vehicle without the key.
     
  2. zkostik

    zkostik Gawd

    That's why I enjoy having an older gas powered car without all this "smart" bullshit. Surely a great example of where some of these tech features have no place to be!
     
    DrezKill, AceGoober, Dayaks and 2 others like this.
  3. thenapalm

    thenapalm Limp Gawd

    That must have been a sweet joyride. Riding cross country... 250 miles at a time. Hope it was worth it.
     
    legcramp, Xrave, AceGoober and 2 others like this.
  4. Mut1ny

    Mut1ny [H]ard|Gawd

    So I guess next is disabling the correct identifying info when charging.
     
  5. Lakados

    Lakados [H]ard|Gawd

    I agree but I am pretty sure that a thief could steal either my dumb ass car or truck with little more than a screwdriver and a key saw, so like $20 in parts.... At least those smart features let them track the vehicle across state lines in 48 hours after the theft occurred. Most cars after 6 hours it’s considered a lost cause.
     
    ChoGGi, AceGoober, Jim Kim and 2 others like this.
  6. NickJames

    NickJames [H]ardness Supreme

    What he did was no different than socially engineering the valet to give you someone's car keys. People will always be the crutch in our high security generation.
     
    vegeta535, DrezKill, AlphaQup and 3 others like this.
  7. Vader1975

    Vader1975 Gawd

    Grand theft auto to drive to Texas? In a car that is so recognizable it's ridiculous. Especially in Texas amongst all the F150's and Sierra 1500HD's?
     
  8. Wierdo

    Wierdo [H]ard|Gawd

    A good reason to add a pin-code function and stick the key fob in a protective sleeve if this is a concern, as nothing is 100 percent secure.

    On a positive note, at least on the US side of things so far, 117 out of 119 thefts have been recovered due to the car's tracking features, the highest recovery rate of all vehicles, with second place coming at around 57 percent iirc.

    That's bound to change though as local burglars become as tech savvy as some in Europe - there are some reports of successful smuggling of vehicles across borders for parts there - so it's important to be defensive about such matters.

    Better safe than sorry.
     
  9. Lakados

    Lakados [H]ard|Gawd

    Exactly, for every one person trying to figure out how to keep your car from being stolen there are 10 people trying to steal it. There is no security system that can’t be bypassed and the human factor in all of them is the weakness. Just have to remember the good old “crowbar” algorithm, “there is no password that can be secured against a crowbar to the knee”.
     
    vegeta535, DrezKill, D-Money and 2 others like this.
  10. NickJames

    NickJames [H]ardness Supreme

    Yep, also remember OnStar? There were reports of people breaking into cars and asking OnStar to turn it on cause it was an emergency. I don't remember there being as much outrage.
     
    AceGoober and Lakados like this.
  11. Lakados

    Lakados [H]ard|Gawd

    Well shit, I forgot about that one.
     
    AceGoober likes this.
  12. EODetroit

    EODetroit [H]ard|Gawd

    At first I thought he was a white hat but then it turned out he was just a horrible thief.
     
    shspvr, AceGoober and cageymaru like this.
  13. cageymaru

    cageymaru [H]ard as it Gets

    That's what I was hoping that a report would say. :)
     
    Bigshrimp and AceGoober like this.
  14. dyzophoria

    dyzophoria Gawd

    I think I seem to understand your point, but I don't think old non-smart car vehicles are not that foolproof as well.
     
  15. zkostik

    zkostik Gawd

    Sort of, but my thing is more about when having too much digital and "smart" in a car is too much. The way I see it right now is like smart home gadgets that lack even the most basic security. Biggest DDoS attacks in history were launched from these compromised IoT devices, which says a lot, and I'm not sure much is being done about it. At least if I'm in my dumb ass car, nobody can hijack it remotely, so having said that, potential danger and fallout from this is far greater. I doubt someone will also physically social engineer and get a valet key, unless that person tries to make a dumb criminal of the day video. People go for the easiest and safest route to do their dark deeds and it happened to be the smart feature in Tesla. There should perhaps at least be some kind of standard and security for this stuff, and given all the issues that make the news from different car makers, somehow I doubt there's any.