A 21-year-old tea leaf was arrested for allegedly driving away with a Tesla Model 3 without needing a key. He didn't get very far as he was nicked at a charging station by police 1,000 miles (1609 km) away after the owner tracked it down.
Although the thief had disabled the car’s GPS, he didn't know about some other evil tracking gear the Tesla uses. Tesla Supercharger stations log the car's location on the owner's online billing system. He promptly provided the information to local law enforcement who quickly located it and arrested the thief at the scene.
After a spate of car thefts in Europe of late with thieves cloning the RFID signature of cars' remote key fobs. Tesla tried to stop this by implementing an optional PIN code on the Model S, 3 and X that owners can get before driving their cars. If activated, once the car detects the fob and boots-up, a keypad appears on the centre touchscreen. The drivers can either enter their pin to drive away or use their Tesla account credentials.
How did the car-hacker do it?
Computer forensics specialist Mark Lanterman said the car-hacker contacted Tesla's customer services and added the Tesla to his Tesla account using its VIN.
“What it sounds like this person may have done is convince Tesla to take the VIN of that vehicle and add it to his Tesla account”, Lanterman explained. “By doing that, you can do that with a phone call. By doing that, you can now control the Tesla from an app on your phone."
With it added to his account he was able to unlock it using his smartphone and drive away without a key.
According to an interview with Fox 9 News, the thief was a regular customer of the company. He had rented cars from them half a dozen times and often bragged about his knowledge of Tesla and its security systems.