In the wee small hours of Sunday morning, two masked criminals began to meddle with a Tesla Model S on a driveway in Essex, England.
British tech executive Antony Kennedy was about to have his Tesla Model S stolen. But only after the thieves struggled (for a while) to unplug it.
Watching Kennedy’s video of the theft, it appears that the two criminals used a “relay attack”, where a signal from a nearby key fob (in this case, out of range of the car inside Kennedy’s darkened house) is boosted to a location close to the car.
And because the Tesla Model S, as with other luxury cars, can automatically unlock itself just by sensing that someone in close proximity to it is carrying an authorised key fob, the car can be driven away in seconds.
Such “passive entry” systems may be awfully convenient and impress your non-Tesla owning friends, but if a thief manages to recreate your key fob’s signal and is able to enter and drive away with your vehicle, you may decide that they are perhaps a gimmick too far.
A Tesla, of course, comes with a GPS signal that could be tracked by police using the associated smartphone app to recover the vehicle. That’ll work – if the criminals do not manage to block the GPS signal, as they appear to have done in Kennedy’s case (who, by the way, says that Essex Police still haven’t phoned him back.)
It may be too late for Antony Kennedy and his Tesla Model S, but here are some tips for other owners:
- Enable “PIN to drive”.
- When you’re not planning to use your key fob, keep it inside a RFID-blocking sleeve or “Faraday pouch” to block unauthorised electromagnetic transmissions.
- Don’t leave passive entry enabled
Kennedy tweeted troubled Tesla founder Elon Musk to moan that it was far too easy for criminals to disable remote access on stolen cars. Maybe a PIN or password would be a good idea?
@elonmusk My @tesla was stolen this morning, with just a tablet and a phone extending my fob range from the back of the house. I get that I should enabled PIN access. I wish it was harder for them to disable remote access though. I can’t track it or disable it. :(
— Antony Kennedy (@booshtukka) October 21, 2018
Musk hasn’t replied.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.