Tesla Model 3 Stolen From Mall of America Using Only a Smartphone
A little bit of social engineering can go a long way.
With cars becoming more connected than ever, cybersecurity is a hot-button topic that extends past your computer screen and into your car. Using a bit of technology, an alleged car thief was able to get his hands on a Model 3 at the Mall of America and drive away without needing a key. The alleged crime was reportedly committed via smartphone.
A computer forensics specialist who commented on the happenings of the incident was able to narrow down just how the alleged stolen Tesla was taken with such reported ease. The person allegedly responsible for taking the car is believed to have reached out to Tesla's customer support to add the stolen Model 3 to his Tesla account by its vehicle identification number. Once the vehicle was accessible on a smartphone that was signed into this person’s account, he was reportedly able to unlock the car and drive away without ever needing a key.
Several days later, the alleged car thief was tracked down and arrested in the stolen car in Waco, Texas, more than 1,000 miles south of its starting point in Minnesota. Since this person disabled GPS tracking on the car, the owner had to utilize a different method of tracking down the alleged crook. The owner tracked the location of the car's Supercharging and provided it to local authorities where they promptly located the car and arrested the man behind the wheel.
The Tesla is owned by a company called Trevla, a Tesla rental company located inside of the Mall of America. The 21-year-old alleged car thief had previously rented vehicles from the company at least six times prior to the alleged theft, confirmed a local news station with the owner of the company. The owner also recalled this same person supposedly bragging about the extensive knowledge he held regarding Tesla's security systems, ultimately leading the rental company to suspect this particular regular customer when the vehicle came up missing.
The automaker told Electrek that the alleged car thief likely had previously rented the vehicle and had an already-authenticated phone as a result. The owner of Trevla reportedly refuted this claim, stating that he had removed the phone's access following this person’s prior rental. At the time of writing, Tesla did not respond to The Drive's request for comment.
Tesla has enabled keyless entry and driving in its vehicles for quite some time, enabling the convenience of driving using only one's phone is a luxury which most people have yet to experience just how insanely convenient it can be. Unfortunately, convenience can also be a point of entry from a cybersecurity perspective. The Model 3's primary use of entry and driving is a linked smartphone, using only a backup keycard to keep handy in a wallet or purse in case of emergencies.
Though Tesla has the highest rate of theft recovery, it still looks to reduce the number of events which occur. Recently Tesla has addressed this problem by adding a PIN-to-drive function. This enables owners to require a PIN (in addition to a key fob or authenticated phone) before actually driving off with the vehicle.