First Reported Model 3 Stolen?

Brokedoc

Kick-Gas Contributor
Joined
May 28, 2017
Messages
1,715
Location
New York
Tesla Owner
Model X
Country
Country
#1
Model 3 stolen from Mall of America and the thief apparently knew enough to disable remote apps/monitoring so it couldn't be GPS tracked. The owner was smart enough to check his supercharging fees and the car was recovered 1000 miles from where it was stolen.

Based on the article, I think Tesla gets some blame here as the thief was somehow able to access the person's account. With the new firmware versions just released, PIN to start the car is available. Might not be such a bad idea to use it...

http://amp.timeinc.net/thedrive/tec...of-america-using-only-a-smartphone?source=dam
 

Gavyne

Well-Known Member
Joined
Jul 7, 2018
Messages
348
Location
SoCal
Tesla Owner
Model 3
Country
Country
#2
Key here is he rented the car before and was able to pair his phone prior. Smart renters should only allow card access, and of course now do the PIN code option.
 

MelindaV

☰ > 3
Moderator
Joined
Apr 2, 2016
Messages
9,406
Location
Vancouver, WA
Tesla Owner
Model 3
Country
Country
#5
Not sure if the story was updated after @Brokedoc orig linked to it, but this really seams like much of the blame should be on the rental company and bad security practices. The alleged thief did not hack the car, or otherwise breakin to be able to drive off in it. Tesla has confirmed the car Still had that person’s phone in the car’s authorized ‘keys’. The rental company’s lack of precaution allowed the person to drive away with it. There is a reason ‘real’ rental companies have their car lots secured - because they know a previous renter could have gotten another key made (some cars make this much more difficult, but many even today would still easily be able to be done). It sounds like this came out of opportunity. (If a jewelry store is left unlocked with product on the counter and they are robbed over night, how much of the blame is on the one who didn’t secure it vs the thief?)
Why would a renter need to have their phone set up at all? I’ve rented from turo twice now, and each was given the key card only. The only downside on a couple day rental was needing to unlock the car with the card prior to getting into the trunk. Otherwise using the card was perfectly acceptable in using the car.
 

PNWmisty

Legendary Member
Joined
Aug 19, 2017
Messages
2,539
Location
Anacortes, WA
Country
Country
#6
Yeah, can’t wait for this on the 3, very smart feature!!
I would rather have robust security built into the usual means of unlock/lock. I believe the Model 3 currently has robust security but, of course, anything can be hacked but if it's good enough then there are always easier targets.

One of the strengths of the Model 3 is its extreme simplicity of use. Tesla has managed to reduce the number of steps to drive/park to the absolute minimum. Even if the PIN code could be turned off in the menus, it would be one more option cluttering up the menu and making it incrementally harder to find the setting you were actually looking for. This is a problem if too many optional settings are offered so options should be limited to functions that actually add value. And if the normal method of entry/ start are secure, a PIN option adds no value.
 

SoFlaModel3

@Teslatunity
Moderator
TOO Supporting Member
Joined
Apr 15, 2017
Messages
9,770
Location
Florida
Tesla Owner
Model 3
Country
Country
#7
I would rather have robust security built into the usual means of unlock/lock. I believe the Model 3 currently has robust security but, of course, anything can be hacked but if it's good enough then there are always easier targets.

One of the strengths of the Model 3 is its extreme simplicity of use. Tesla has managed to reduce the number of steps to drive/park to the absolute minimum. Even if the PIN code could be turned off in the menus, it would be one more option cluttering up the menu and making it incrementally harder to find the setting you were actually looking for. This is a problem if too many optional settings are offered so options should be limited to functions that actually add value. And if the normal method of entry/ start are secure, a PIN option adds no value.
I think it’s a nice failsafe.

My house has locks, it doesn’t mean I don’t want to have an alarm.
 

PNWmisty

Legendary Member
Joined
Aug 19, 2017
Messages
2,539
Location
Anacortes, WA
Country
Country
#8
I think it’s a nice failsafe.

My house has locks, it doesn’t mean I don’t want to have an alarm.
There's not such a thing as "failsafe".

An alarm adds more functionality. If the entry method is secure, an additional pin doesn't add any additional functionality. If you forget to lock your vehicle, it still can't be driven by someone without a key.
 

SoFlaModel3

@Teslatunity
Moderator
TOO Supporting Member
Joined
Apr 15, 2017
Messages
9,770
Location
Florida
Tesla Owner
Model 3
Country
Country
#9
There's not such a thing as "failsafe".

An alarm adds more functionality. If the entry method is secure, an additional pin doesn't add any additional functionality. If you forget to lock your vehicle, it still can't be driven by someone without a key.
That’s a good point!
 

garsh

Dis Member
Moderator
TOO Supporting Member
Joined
Apr 4, 2016
Messages
10,859
Location
Pittsburgh PA
Tesla Owner
Model 3
Country
Country
#10
There's not such a thing as "failsafe"
Tesla is creating two-factor authentication for driving the vehicle. This is a good, general, modern security practice. 2FA traditionally includes two things:
  • Something you have
  • Something you know
The "something you have" is your keycard or phone. The "something you know" is the pin. Each individual aspect is actually kind of weak in the case of a Tesla.

There are multiple keycards & phones that work with the car, and the ease of duplicating a phone depends on what kind of authentication the phone itself is employing. Ideally, there would be a single hardware token that cannot be duplicated.

Likewise, the "pin" in this case is limited to four numbers, making it pretty weak. Also, the keypad on the screen will probably reveal the 4 numbers used via fingerprints, making it somewhat easy to guess.

So, it's good that Teslas have the option of 2FA, but I'd like to see it strengthened a bit.
 

SalisburySam

Well-Known Member
TOO Supporting Member
Joined
Jun 6, 2018
Messages
250
Location
Salisbury, NC
Tesla Owner
Model 3
Country
Country
#11
Tesla is creating two-factor authentication for driving the vehicle. This is a good, general, modern security practice.
As vehicles evolve to computers with ancillary transport equipment, hacking and theft of the sort used to steal data become greater issues. The 2FA approach is one example of an extra layer of security to make access significantly more difficult. But the cost of doing so is convenience. Most online banking today requires some sort of 2FA such as entering a code sent to the customer either as a text message or an email. This code then permits you to complete the login process and do your business. Under normal driving circumstances, this is just an annoyance. Under any other situation, it is a non-starter (pun intended).

In the iOS world, online banking apps with 2FA permit the use of fingerprint or facial scan to take the place of sending a token to you and having you copy or type it in to complete the login. Much faster, less annoying, and arguably equivalent security. I would be willing to press somewhere on the screen to provide a fingerprint or have the inside camera (when enabled) recognize me as an extra security precaution. I am not willing to await a code, type or copy it into the system, and then be able to start my car. Especially with the code having to beam back to Tesla's mothership for authentication in areas with limited or no WiFi or cellular service.

I would rather have robust security built into the usual means of unlock/lock.
I agree. Although there are likely some use cases where the extra steps required of robust 2FA are perhaps necessary (e.g., rentals maybe?), these extras really will detract from the simplicity of the Model 3 driving experience and generate, at best, lots of complaints. My 2012 Nissan LEAF has this colossally bothersome nag screen you have to act upon every single time the vehicle is started. The complaints in blogs and forums are legion, and even Nissan changed it to a monthly nag in later models. It was the one and only single thing about my entire LEAF ownership that from day one to today I loath about this otherwise great car.

Whew! I guess I've exceeded my posting quota today, for which I humbly apologize.
 

PNWmisty

Legendary Member
Joined
Aug 19, 2017
Messages
2,539
Location
Anacortes, WA
Country
Country
#12
So, it's good that Teslas have the option of 2FA, but I'd like to see it strengthened a bit.
It's a friggin car! I guess I'm desensitized to theft for a few reasons:

1) I am totally accustomed to starting cars with a metal key. Anyone could copy it. If someone wanting to steal my car didn't have a key they could just twist two wires together, touch two more, and be on their way. Or hammer a BF screwdriver in the key slot and turn real hard. It's just a car.
2) It's just a car.
3) It's insured.
4) Where there's a will, there's a way. And if they want to steal it that badly, they might just force you to go with them to make it easier.
5) I have two legs and more important things to think about.
6) Before I had cars, I only had motorcycles. Anyone, with a couple helpers, could just put them in a van and drive away. I would park them in remote areas when going backpacking. No one ever stole any of my motorcycles, let alone my cars.
7) If I lived somewhere I needed to worry about it, I would move somewhere where I didn't.
8) The Model 3 can be tracked electronically.
9) It's just a car.

That said, I would be really sad if someone stole my Model 3 because it would take longer than just about any other car to replace and while it's just a car, it's the nicest car I've ever had (but not the most expensive). But it's one of the hardest cars in the world to successfully steal so I'm not concerned.
 

Evoto Rentals

Member
TOO Advertiser
Joined
Jan 18, 2017
Messages
8
Location
Montreal, QC
Country
Country
#14
HOW OUR TESLA WAS STOLEN IN CANADA, SHIPPED ACROSS THE WORLD AND WE GOT IT BACK

A while ago, a renter used a fake id and burner cell phone to rent a Tesla from us. They paid using a prepaid credit card for a long rental. But they had other plans.
They took the car to a crater / container packaging & shipping company to have it packed in a container to ship to the Middle East.

Our rental cars are set up in a way where no one can disable the remote monitoring. So we were able to track the car to the shipping company.
Following the paperwork, we were able to uncover the destination of where our Tesla was heading and the container & ship it was on.

We got suspicious when the rented car was at that location for a few days without movement.*
The Tesla app locator helped us get a warrant to search the place
We involved the police and went to seize the car but we had just missed them and the car was on a ship to the Middle East.

Our management and lawyers involved RCMP and INTERPOL (not an easy task) and the container was seized in Italy and shipped back to us.
Of course this was after lots of lawyer work and paperwork across the ocean, but our Tesla came back in one piece.

We are not sure why car thieves think they can steal a GPS enabled Tesla and ship it to another country (we were guessing UAE or Jordan as they are the only 2 countries with a supercharger network) where Tesla can disable supercharging and other features of the car making it obsolete.

Toronto and Montreal have had record high car thefts and what is referred to as friendly fraud (renting a car under false pretence) in the past few years due to the close access to the Montreal port for shipping and minimal repercussions of the crime. There is a political tug of war between the border force & the local police as well as the Federal police (RCMP) over who needs to police this as well as a lack of funding and time to scan each container but that is a whole other story.
Border officers frustrated at police inaction over stolen cars being exported through Montreal

(The stolen Tesla was put with another ICE car in a container designated to carry scrap metal)

Today we run background checks on every customer & have a second GPS tracking system on our fleet.
I guess the record remains great at 113 out of 116 stolen Teslas retrieved!
Stolen Tesla vehicles in the US have almost all been recovered: 112 out of 115

*Details for this part is for Tesla owners only (we will not be publishing the following):
It seems Tesla's native GPS tracker does not register movement if the car is on a flat bed i.e. not using its wheels to drive
It will register an old tow truck since the wheels are spinning but then again the thief can disable the battery
The app will ping the last spot the car had reached before being put on a flat bed or in a container
Though the app did help us locate the car's last known location and obtain a warrant for the search, the triangle was greyed out
We strongly recommend a 3rd party tracking company like TAG in Canada which doesn't rely on the car to power its system
And where the system's logo on your window alone deters thieves in the first place.


Pin to Drive + TAG is the way to go
 
Last edited:

Evoto Rentals

Member
TOO Advertiser
Joined
Jan 18, 2017
Messages
8
Location
Montreal, QC
Country
Country
#15
Not sure if the story was updated after @Brokedoc orig linked to it, but this really seams like much of the blame should be on the rental company and bad security practices. The alleged thief did not hack the car, or otherwise breakin to be able to drive off in it. Tesla has confirmed the car Still had that person’s phone in the car’s authorized ‘keys’. The rental company’s lack of precaution allowed the person to drive away with it. There is a reason ‘real’ rental companies have their car lots secured - because they know a previous renter could have gotten another key made (some cars make this much more difficult, but many even today would still easily be able to be done). It sounds like this came out of opportunity. (If a jewelry store is left unlocked with product on the counter and they are robbed over night, how much of the blame is on the one who didn’t secure it vs the thief?)
Why would a renter need to have their phone set up at all? I’ve rented from turo twice now, and each was given the key card only. The only downside on a couple day rental was needing to unlock the car with the card prior to getting into the trunk. Otherwise using the card was perfectly acceptable in using the car.
Sometimes you can't do anything if the the person legitimately rents the car and pays for the rental. This is considered "friendly fraud". It happened to us with our Model S read the full story here: https://teslaownersonline.com/threa...ed-across-the-world-and-we-got-it-back.11531/

This is when a person rented the car for 10 days, paid (using a prepaid credit card) and provided an ID that was later discovered to be fake. When we tracked the car, we found he had also taken an ICE car from one of the largest Rental company brands worldwide. We now run background checks and have a third party Tracking installed on all our cars (called TAG in Canada). They have a 100% recovery rate. Another trick they use is they call their credit card company and claim they never rented a car in the first place. The credit card then refunds them the money (someone tried that as well but we contested it and provided proof). There will always be someone that wants to game the system whether its fraud or getting away with something that isn't theirs. Its part of the risk of running any business. The best thing to do is put things in place to minimize this.
 

JasonF

Top-Contributor
Joined
Oct 26, 2018
Messages
817
Location
Orlando FL
Tesla Owner
Model 3
Country
Country
#16
Awesome, I hope word gets out about this. At the very least, shady shippers might refuse to take Teslas because they can't be sure that putting just one in a container won't ruin their entire business. Which in turn will make pro thieves avoid them, since they can't sell them to anyone.