Any Hacker Can Steal Tesla Model 3 From Anywhere Using Only A Smartphone

After several humiliating months for Elon Musk and Tesla, the company may have just set a new standard for embarrassing itself when one of its Model 3 vehicles was allegedly stolen from the Mall of America by a 21-year-old, using only his smartphone.

In what will likely come as a blow for confidence in Tesla's software security and deeply troubling set of circumstances for the folks at Tesla customer service, The Drive reported that the car was stolen after Tesla customer service, over the phone, reportedly "handed the thief the keys" by allowing him to add the car, by VIN number, to his Tesla account. The alleged thief then made it 1,000 miles before being caught.

Once inside, the thief disabled the car's GPS tracking system and nearly got away scott-free. After stealing the vehicle, he was found days later in Waco, Texas and was only able to be tracked by monitoring where he was accessing Superchargers along the way. The Model 3 was owned by a Tesla rental company named Trevla, that has store space inside of the Mall of America. The alleged thief had rented vehicles from this company at least six times prior to the theft taking place and the owner of Trevla vaguely recalled that the same person had bragged in the past about how well he knew Tesla security systems. This made him a prime suspect after the vehicle was reported missing.

This leads to an obvious assumption: somebody who can disable Supercharger tracking, and who wouldn’t be foolish enough to brag about their ability to thwart Tesla security, may have easily gotten away with the theft.

But of course, just like in many Autopilot accidents, Tesla claims it was somebody else's fault - not theirs. Tesla claimed to electrek that the thief had already authenticated the car through his smartphone prior, ostensibly during a time that he had rented it in the past. This would shift the blame to the rental company. However, the owner of the rental company said that this wasn’t the case, and that he had disabled access to the vehicle after the alleged thief's prior rental. This would shift the blame back to Tesla.

To us, this sounds like Tesla is trying to cover up the fact that its "secure" and "convenient" method for allowing people to access their vehicles actually just makes them easy targets to be stolen.

The primary way that customers get into and drive their Model 3s is by using a smartphone. There is a back up key card that can also be used in case of emergencies. But as of now, Tesla owners need to make peace with the fact that apparently any person who is capable of calling Tesla customer service and simply lying to them may be able to steal their vehicles.

Tesla has been trying to stave off occurrences of theft by adding a PIN number that drivers must use in order to drive a vehicle. Instead, this just adds another step for drivers before they can get on the road - and it seems to make the "convenience" of accessing your car with a smartphone pointless, in what appears to be yet another dead-end "innovation" from the Tesla path-forgers.