So far there's been one successful attack that involved surfing to a 'bad' webpage on the car's touchscreen browser, followed by a malicious firmware update. Tesla's been closing the known holes, of course.
If Tesla remains as controlling over the Model 3 as they are over the Model S, you'll see a HECK of a lot more "jailbreaking", reverse engineering, and third party knock-off parts. A big reason Tesla has likely been successful so far controlling so much of the market around the Tesla is the high price: People who have them can afford Tesla's services and will be averse to risking the car with unsupported work, and there aren't all that many of them out there (comparatively) to begin with.
With the Model 3 hitting a much wider consumer market, you'll see a lot more interest in ways to get around Tesla.
I am actually expecting you may also see more lawsuits regarding things like software activation requirements vs. holding the title to the car and such. Tesla treats these cars like they're still Tesla's property, and if anything I'm shocked it hasn't been tested in court more already.
There's been a big legal battle between John Deere tractors and farmers who want to fix them. I haven't been paying close attention to that case, but it seems like a very similar situation.
> I'm shocked it hasn't been tested in court more already.
Most Teslas on the road are still under warranty, with Tesla footing the bill for repairs. Once all of those second and third owners of Model Ss start needing out-of-warranty repairs, then I expect we'll start seeing some real heat.
A trailer with an all metal skin is an off the shelf type item, a Connex box, for example. One could also line the inside of a trailer with foil backed foam. Neither would be a lot of effort, even for a $30k car.
Even if they can't steal a whole car and have it be usable, the parts might still be worth a lot. If you steal a 100k car and sell the parts for 10k, it could still be profitable and worth the risk to some people.
I'd bet my life that either they Faraday caged it immediately a-la a Knight Rider-type fully-enclosed, possibly-camouflaged vehicle truck or they knew how to disconnect power to the GPS system quickly. Either way, it was faster than owner or police could do anything about it.
The police working with Tesla would be wise to leave some bait-cars around with extra cameras and nearby arrest teams to gather evidence to prosecute the gang(s) doing this.
> it’s not clear how the vehicle was stolen in the first place.
> For owners, it’s important to make sure that your Tesla account is secured with a strong password and to keep your key fobs in a secure location at a safe distance from the vehicle when parked.
The insinuation here is that owners had weak passwords and/or kept their keys in an insecure location at an unsafe distance from the vehicle. Another explanation could be that hacker-thieves found a way to access Tesla's without keys and/or passwords.
If they have ways to access Teslas in general without the specific keys/passwords, then wouldn't you expect there to be a wave of stolen Teslas instead of just 2?
What is the range of the key fob, and does Tesla warn customers to keep keys far away from the car (not in rooms adjacent to the garage, for example)?
I have a friend who bought a late-model BMW and accidentally discovered that her keyless ignition is also fobless — if unlocked, her car will start even if the key fob is miles away. Not an easily discoverable bug, since she typically has her key with her when she approaches her car.
All keyless gobs have the same problem, a thief with a repeater can extend the signal range and steal your car while you are at dinner, even if blocks away.
I know someone who had their Tesla stolen in Belgium, never to be recovered. The car just vanished from the system, no connection to the network and the last known location was in front of their house.
I always wondered what thieves do with these vehicles though.
There are companies specializing in doing this for just about every car and model ever released so for sure someone that wants to make a parts line would start from a legally obtained vehicle. It would make absolutely no sense for an otherwise legitimate business to start their whole development effort with an illegal act saving them at best $100K when the whole effort will likely run into the millions by the time it is all done.
Can you get a Tesla serviced anywhere other than a Tesla dealership? Does anyone do this? Seems like it's going to be difficult to consistently sell $100k of Tesla parts for even 10% of their value.
Tesla forbids any unauthorized party from even seeing a repair manual for the car, except where they're legally forced to by "right to repair" laws. (In those jurisdictions, they charge a high price for time-limited access.)
But, bear in mind, the difficulty in getting access to Tesla service or parts outside of the official methods is what makes the parts so valuable: There's almost none on the market to begin with. Those who need them (for whatever reason) will have to pay big to get them, since competition isn't driving down the prices. And most Tesla owners can obviously afford it.
Lots of cars are worth more as parts, and not just 20 year old ones sitting in the local salvage yard. Individual parts (airbags, ECUs, on-board entertainment systems, etc) can frequently run hundreds of dollars on the secondary markets. Further, most mechanics don't verify the serial number of a part before installing it in a car they are repairing.
As the cars are stolen, its all easy money for everyone involved as the thief doesn't have to make 100k on it. Even a few grand could make it worth the effort. Then beyond the thief and the chop shop, no one needs know the parts are stolen.
In a way its a good sign for tesla, cars tend to be stolen at rates proportional to their popularity. It also means that there must be a functional market for the parts.
It's a real shame that Tesla has wedded their beautiful drivetrain engineering to such a creepy, cell-phone-esque system of automatic software updates and GPS tracking and giant touchscreens; I'd like to like their cars, but I want absolutely none of that.
You can turn off location services, however that still does not prevent your location from being tracked by your carrier. They know where you are, which tower you are connected to, etc. The only way to avoid tracking is to not carry a cell phone, simply turning off location services doesn't keep you from being tracked.
One could argue that cellphones might secretly call home even on airplane mode and we shouldn't trust them, but then again, why couldn't one apply the same conspiracy theory against vehicles not made by Tesla?
I can easily wrap my cell phone in a Faraday cage that I'm pretty sure can't be penetrated by a malicious (or just nosey) baseband processor on the phone.
It's harder to drive a car when it's wrapped in tinfoil.
As I understand it, a smartphone is also able to be tracked when the device is powered off. The only solution is to remove the battery (difficult if it's soldered), or to leave it at home.
Wow! I never heard of that. It looks like that article is about govt applying spyware to phones, like how they also made companies give them user data. By the same token, I guess the govt could work with car manufacturers to install tracking devices in every car...
That's only true if the baseband is still alive and pinging the tower. That's easy enough to find out (field strength meter, $5 in parts next to the phone).
A smartphone (actually any cellphone) can be detected when it's powered off (assume flat battery), but not tracked. Works using ferromagnetism, which also detects explosives.
Yes, but your carrier is in many places subject to a whole bunch of privacy legislation. The chances of your CDRs or triangulation info walking out the door there are fairly low. Compared to commercial organizations that sell your data at the drop of a hat I'd trust a cell phone provider long before I'd trust a company in some other country not beholden to local laws.
Tesla's privacy policy does say that this data won't be shared outside of "Tesla personnel" [0] - what evidence do you have that Tesla would break their agreement with their customers, and which law(s) in which country(s) prohibit carriers from selling location data?
The word 'Tesla' was not in my comment, as for the second point all of Europe, and probably many other countries besides. The data can be sold but only when it is not associated with PII.
politician didn't say having a smartphone was mandatory, nor did marssaxman say having a tesla was mandatory. politician is merely guessing that marssaxman might have a cellphone tracking their location, so having tesla track their location wouldn't be much worse
He wrote 'smartphone', not 'cellphone' and presumably knows the difference.
With a cellphone the GPS in the phone can - and will - track you six ways from Sunday unless you are very very careful, with a cellphone the carrier does not so much 'track your location' as that they record field strength to determine which tower you connect to as well as to manage the handover. To turn that into location data is absolutely possible but not nearly as accurate as GPS, especially not when you stop moving for a while.
Accelerometer can do some pretty impressive dead reckoning once you have a fix. Microphones can be used for triangulation based on multiple fixes on the same sound sources (used for shot detection, but it works the other way around too).
Well put; I suppose I should have referred to "a" smartphone rather than implied ownership of a smartphone. On the other hand, the smartphone installed base is on the order of 3.4B devices, so I'd ask that you give me the benefit of the doubt for assuming that an HN reader owns a smartphone.
I don't, and for precisely those reasons. Actually I do own them for testing and dev purposes but never ever carry them with me, my regular phone is an oldie from just before the smartphone hit. I fear the day that it will die.
63 comments
[ 4.2 ms ] story [ 116 ms ] threadWhat do they do about software updates though? They would probably have to break the firmware to if they still want any updates.
With the Model 3 hitting a much wider consumer market, you'll see a lot more interest in ways to get around Tesla.
I am actually expecting you may also see more lawsuits regarding things like software activation requirements vs. holding the title to the car and such. Tesla treats these cars like they're still Tesla's property, and if anything I'm shocked it hasn't been tested in court more already.
Besides there being many more of the latter they also have special legal aspects in the form of all kinds of consumer protections.
Most Teslas on the road are still under warranty, with Tesla footing the bill for repairs. Once all of those second and third owners of Model Ss start needing out-of-warranty repairs, then I expect we'll start seeing some real heat.
Foil backed foam won't necessarily block a cell signal - heck, there are entire buildings insulated with the stuff and it has little effect.
The police working with Tesla would be wise to leave some bait-cars around with extra cameras and nearby arrest teams to gather evidence to prosecute the gang(s) doing this.
> For owners, it’s important to make sure that your Tesla account is secured with a strong password and to keep your key fobs in a secure location at a safe distance from the vehicle when parked.
The insinuation here is that owners had weak passwords and/or kept their keys in an insecure location at an unsafe distance from the vehicle. Another explanation could be that hacker-thieves found a way to access Tesla's without keys and/or passwords.
I have a friend who bought a late-model BMW and accidentally discovered that her keyless ignition is also fobless — if unlocked, her car will start even if the key fob is miles away. Not an easily discoverable bug, since she typically has her key with her when she approaches her car.
Perhaps they just loaded them onto a shielded vehicle, moved them, dismantled them, and spread the parts around via regular trucks?
I always wondered what thieves do with these vehicles though.
But, bear in mind, the difficulty in getting access to Tesla service or parts outside of the official methods is what makes the parts so valuable: There's almost none on the market to begin with. Those who need them (for whatever reason) will have to pay big to get them, since competition isn't driving down the prices. And most Tesla owners can obviously afford it.
As the cars are stolen, its all easy money for everyone involved as the thief doesn't have to make 100k on it. Even a few grand could make it worth the effort. Then beyond the thief and the chop shop, no one needs know the parts are stolen.
In a way its a good sign for tesla, cars tend to be stolen at rates proportional to their popularity. It also means that there must be a functional market for the parts.
No thank you - oh my god, no thank you very much.
It's a real shame that Tesla has wedded their beautiful drivetrain engineering to such a creepy, cell-phone-esque system of automatic software updates and GPS tracking and giant touchscreens; I'd like to like their cars, but I want absolutely none of that.
One could argue that cellphones might secretly call home even on airplane mode and we shouldn't trust them, but then again, why couldn't one apply the same conspiracy theory against vehicles not made by Tesla?
It's harder to drive a car when it's wrapped in tinfoil.
Most people don't carry portable Faraday cages.
Tesla's privacy policy does say that this data won't be shared outside of "Tesla personnel" [0] - what evidence do you have that Tesla would break their agreement with their customers, and which law(s) in which country(s) prohibit carriers from selling location data?
[0] https://www.tesla.com/about/legal
With a cellphone the GPS in the phone can - and will - track you six ways from Sunday unless you are very very careful, with a cellphone the carrier does not so much 'track your location' as that they record field strength to determine which tower you connect to as well as to manage the handover. To turn that into location data is absolutely possible but not nearly as accurate as GPS, especially not when you stop moving for a while.
Nevertheless, what you describe sounds a lot like a "smartphone with location services off" (assuming you trust the smartphone)
http://www.popsci.com/technology/article/2013-04/smartphone-...
Smartphones can track you in a large number of ways, and you really should not trust them (esp. not if they are Android).