63 comments

[ 4.2 ms ] story [ 116 ms ] thread
I would imagine the easiest way to steal a Tesla is to create a make-shift faraday cage in a truck bed and then disconnect the power.
I was about to say that is a lot of effort.. but for a 100k car it would be worth it.

What do they do about software updates though? They would probably have to break the firmware to if they still want any updates.

I wonder how long until someone "jailbreaks" Teslas.
So far there's been one successful attack that involved surfing to a 'bad' webpage on the car's touchscreen browser, followed by a malicious firmware update. Tesla's been closing the known holes, of course.
If Tesla remains as controlling over the Model 3 as they are over the Model S, you'll see a HECK of a lot more "jailbreaking", reverse engineering, and third party knock-off parts. A big reason Tesla has likely been successful so far controlling so much of the market around the Tesla is the high price: People who have them can afford Tesla's services and will be averse to risking the car with unsupported work, and there aren't all that many of them out there (comparatively) to begin with.

With the Model 3 hitting a much wider consumer market, you'll see a lot more interest in ways to get around Tesla.

I am actually expecting you may also see more lawsuits regarding things like software activation requirements vs. holding the title to the car and such. Tesla treats these cars like they're still Tesla's property, and if anything I'm shocked it hasn't been tested in court more already.

There's been a big legal battle between John Deere tractors and farmers who want to fix them. I haven't been paying close attention to that case, but it seems like a very similar situation.
Big difference between business operators and private individuals consuming goods.

Besides there being many more of the latter they also have special legal aspects in the form of all kinds of consumer protections.

(comment deleted)
> I'm shocked it hasn't been tested in court more already.

Most Teslas on the road are still under warranty, with Tesla footing the bill for repairs. Once all of those second and third owners of Model Ss start needing out-of-warranty repairs, then I expect we'll start seeing some real heat.

A trailer with an all metal skin is an off the shelf type item, a Connex box, for example. One could also line the inside of a trailer with foil backed foam. Neither would be a lot of effort, even for a $30k car.
> foil backed foam

Foil backed foam won't necessarily block a cell signal - heck, there are entire buildings insulated with the stuff and it has little effect.

Even if they can't steal a whole car and have it be usable, the parts might still be worth a lot. If you steal a 100k car and sell the parts for 10k, it could still be profitable and worth the risk to some people.
Or a cloth car cover faraday cage. Slip it over the car and voila.
Right. Way easier, and easily portable from truck to truck. Crazy.
I'd bet my life that either they Faraday caged it immediately a-la a Knight Rider-type fully-enclosed, possibly-camouflaged vehicle truck or they knew how to disconnect power to the GPS system quickly. Either way, it was faster than owner or police could do anything about it.

The police working with Tesla would be wise to leave some bait-cars around with extra cameras and nearby arrest teams to gather evidence to prosecute the gang(s) doing this.

Really doesn't need camouflage. Generic white box flatbeds are all over the place.
> it’s not clear how the vehicle was stolen in the first place.

> For owners, it’s important to make sure that your Tesla account is secured with a strong password and to keep your key fobs in a secure location at a safe distance from the vehicle when parked.

The insinuation here is that owners had weak passwords and/or kept their keys in an insecure location at an unsafe distance from the vehicle. Another explanation could be that hacker-thieves found a way to access Tesla's without keys and/or passwords.

If they have ways to access Teslas in general without the specific keys/passwords, then wouldn't you expect there to be a wave of stolen Teslas instead of just 2?
What is the range of the key fob, and does Tesla warn customers to keep keys far away from the car (not in rooms adjacent to the garage, for example)?

I have a friend who bought a late-model BMW and accidentally discovered that her keyless ignition is also fobless — if unlocked, her car will start even if the key fob is miles away. Not an easily discoverable bug, since she typically has her key with her when she approaches her car.

That sounds like a terrible design flaw. Kids could easily start the car then.
All keyless gobs have the same problem, a thief with a repeater can extend the signal range and steal your car while you are at dinner, even if blocks away.
Could you build a portable faraday cage of sorts to carry in your pocket that effectively reduces the range to zero when the fob resides inside it?
Why is that an insinuation and not simply a reminder?

Perhaps they just loaded them onto a shielded vehicle, moved them, dismantled them, and spread the parts around via regular trucks?

I know someone who had their Tesla stolen in Belgium, never to be recovered. The car just vanished from the system, no connection to the network and the last known location was in front of their house.

I always wondered what thieves do with these vehicles though.

Sell parts to Chinese for reverse engineering.
You realize that you can just buy a Tesla in China, right?
Not to build a car, but to create knock-off parts.
Their point is that if you wanted one to reverse engineer, you could just buy one and disassemble it
There are companies specializing in doing this for just about every car and model ever released so for sure someone that wants to make a parts line would start from a legally obtained vehicle. It would make absolutely no sense for an otherwise legitimate business to start their whole development effort with an illegal act saving them at best $100K when the whole effort will likely run into the millions by the time it is all done.
Probably a chop shop. Tesla parts are hard to get, they probably have decent resale value.
Can you get a Tesla serviced anywhere other than a Tesla dealership? Does anyone do this? Seems like it's going to be difficult to consistently sell $100k of Tesla parts for even 10% of their value.
Tesla forbids any unauthorized party from even seeing a repair manual for the car, except where they're legally forced to by "right to repair" laws. (In those jurisdictions, they charge a high price for time-limited access.)

But, bear in mind, the difficulty in getting access to Tesla service or parts outside of the official methods is what makes the parts so valuable: There's almost none on the market to begin with. Those who need them (for whatever reason) will have to pay big to get them, since competition isn't driving down the prices. And most Tesla owners can obviously afford it.

Ebay has quite a few parts so there is definitely a market out there.
There's a small, emerging aftermarket parts market, but it's mostly accessories at this point.
Lots of cars are worth more as parts, and not just 20 year old ones sitting in the local salvage yard. Individual parts (airbags, ECUs, on-board entertainment systems, etc) can frequently run hundreds of dollars on the secondary markets. Further, most mechanics don't verify the serial number of a part before installing it in a car they are repairing.

As the cars are stolen, its all easy money for everyone involved as the thief doesn't have to make 100k on it. Even a few grand could make it worth the effort. Then beyond the thief and the chop shop, no one needs know the parts are stolen.

In a way its a good sign for tesla, cars tend to be stolen at rates proportional to their popularity. It also means that there must be a functional market for the parts.

GPS and GSM signals can be easily jammed, and such devices don't cost much in China.
> always-on advanced GPS tracking feature

No thank you - oh my god, no thank you very much.

It's a real shame that Tesla has wedded their beautiful drivetrain engineering to such a creepy, cell-phone-esque system of automatic software updates and GPS tracking and giant touchscreens; I'd like to like their cars, but I want absolutely none of that.

Do you carry your smartphone with you in your car?
great question... patiently waiting for the answer
While I disagree with GP, I also think a smartphone whose location services can be turned off is different than an "always on" car GPS
You can turn off location services, however that still does not prevent your location from being tracked by your carrier. They know where you are, which tower you are connected to, etc. The only way to avoid tracking is to not carry a cell phone, simply turning off location services doesn't keep you from being tracked.
Why wouldn't airplane mode solve this problem?

One could argue that cellphones might secretly call home even on airplane mode and we shouldn't trust them, but then again, why couldn't one apply the same conspiracy theory against vehicles not made by Tesla?

I can easily wrap my cell phone in a Faraday cage that I'm pretty sure can't be penetrated by a malicious (or just nosey) baseband processor on the phone.

It's harder to drive a car when it's wrapped in tinfoil.

As I understand it, a smartphone is also able to be tracked when the device is powered off. The only solution is to remove the battery (difficult if it's soldered), or to leave it at home.

Most people don't carry portable Faraday cages.

The part about the battery is very interesting! I googled it and couldn't find any more information though... do you have any links?
That's only true if the baseband is still alive and pinging the tower. That's easy enough to find out (field strength meter, $5 in parts next to the phone).
A smartphone (actually any cellphone) can be detected when it's powered off (assume flat battery), but not tracked. Works using ferromagnetism, which also detects explosives.
Yes, but your carrier is in many places subject to a whole bunch of privacy legislation. The chances of your CDRs or triangulation info walking out the door there are fairly low. Compared to commercial organizations that sell your data at the drop of a hat I'd trust a cell phone provider long before I'd trust a company in some other country not beholden to local laws.
> sell your data at the drop of a hat

Tesla's privacy policy does say that this data won't be shared outside of "Tesla personnel" [0] - what evidence do you have that Tesla would break their agreement with their customers, and which law(s) in which country(s) prohibit carriers from selling location data?

[0] https://www.tesla.com/about/legal

The word 'Tesla' was not in my comment, as for the second point all of Europe, and probably many other countries besides. The data can be sold but only when it is not associated with PII.
Is having a smartphone mandatory now?
politician didn't say having a smartphone was mandatory, nor did marssaxman say having a tesla was mandatory. politician is merely guessing that marssaxman might have a cellphone tracking their location, so having tesla track their location wouldn't be much worse
He wrote 'smartphone', not 'cellphone' and presumably knows the difference.

With a cellphone the GPS in the phone can - and will - track you six ways from Sunday unless you are very very careful, with a cellphone the carrier does not so much 'track your location' as that they record field strength to determine which tower you connect to as well as to manage the handover. To turn that into location data is absolutely possible but not nearly as accurate as GPS, especially not when you stop moving for a while.

I apologize for writing "cellphone" instead of specifically "smartphone" in my comment - I meant to say the latter.

Nevertheless, what you describe sounds a lot like a "smartphone with location services off" (assuming you trust the smartphone)

Accelerometer can do some pretty impressive dead reckoning once you have a fix. Microphones can be used for triangulation based on multiple fixes on the same sound sources (used for shot detection, but it works the other way around too).

http://www.popsci.com/technology/article/2013-04/smartphone-...

Smartphones can track you in a large number of ways, and you really should not trust them (esp. not if they are Android).

Well put; I suppose I should have referred to "a" smartphone rather than implied ownership of a smartphone. On the other hand, the smartphone installed base is on the order of 3.4B devices, so I'd ask that you give me the benefit of the doubt for assuming that an HN reader owns a smartphone.
I don't, and for precisely those reasons. Actually I do own them for testing and dev purposes but never ever carry them with me, my regular phone is an oldie from just before the smartphone hit. I fear the day that it will die.
Honestly, I'm jealous. While I find them convenient, I also find them troubling.