Tesla Owner Accidentally Proves How Easy It Is to Drive Away in Someone Else's Model 3

It seems like the smarter cars get, the more issues they present to their owners, issues that wouldn't have been a problem in vehicles using less-sophisticated, analog solutions. As useful as advanced technology can be for automobiles, there are times when it makes things more cumbersome than convenient. For instance, when a Tesla employee mistakenly registered the wrong VIN, it caused owners from different parts of the globe to lose control of certain functions on their Model 3s simultaneously.

While this may have been just another case of human error, it doesn't undermine the potential dangers of vehicles that have become increasingly reliant on software. As if thieves didn't have enough ways to break into a car already, tech-heavy EVs now present even more opportunities for exploiting vehicle security via hacking.

Deliberately breaking into a vehicle's defenses is one thing, managing to do the same without exactly trying to, is another. This is pretty much what went down in Canada when Tesla owner Rajesh Randev inadvertently found another method of breaching a Model 3's security using nothing but the official app itself.

A Tesla App mishap made entry too easy

Randev explained his app basically unlocked the wrong Model 3, one that was parked next to his. It wasn't until Randev noticed the car's cracked windshield that he realized the Model 3 he was driving wasn't his, to begin with. The man suspects that a glitch in the app might've been the culprit, as he was still able to drive the stranger's car for over an hour before eventually returning it to its rightful owner.

If that's the case, Randev's app surely wasn't the only one affected by the software bug, considering how the other car's owner was capable of doing the same thing on his Model 3. Since Randev's particular example also sported a different set of wheels, the only other defining feature that both Model 3s had in common was their color (white).

It's unclear whether or not the alleged glitch would also allow other Model 3s of the same color to be unlocked and driven in a similar fashion, or if it simply required both cars and their owners to be within close proximity of each other. Regardless, the Tesla owner expressed concern over how easily he was able to commandeer someone else's vehicle without much resistance from the car's anti-theft system.

Randev claims he tried reporting the incident to Tesla but is yet to receive a response. If his concerns were to be disregarded, it wouldn't be the first time Tesla ignored a security warning. In 2022, cybersecurity firm NCC warned Tesla about a particular security vulnerability by demonstrating how a Model Y can be hacked using a Bluetooth relay exploit.

Doing so didn't just grant access inside the car, it allowed people to drive it without requiring its owner's key fob. The fact that the whole process can be done in a matter of seconds doesn't exactly help put the owner's minds at ease, and that's just one problem.

Is the app as problematic as hackers?

Aside from a good old-fashioned relay attack, owners were also susceptible to so-called replay attacks – a method of spoofing the car's security measures by replicating radio signals of their keys. You might assume that attempting to break into a cutting-edge EV costing upwards of $80,000 would require some serious hardware, but it turns out that anyone with a laptop, decent hacking skills and a $20 budget can unlock Teslas under the right circumstances. On top of crafty hackers, however, there's another thing that can be equally troublesome: the Tesla app itself.

Although Teslas are equipped with a slew of anti-intrusion sensors, cameras, and alarms, these can be rendered useless once a bad actor has compromised a user's app. NCC advised owners to disable the app's passive entry feature as a countermeasure against relay attacks. Enabling two-factor authentication also helps in deterring thieves from brute-forcing themselves into the user's account. That's not to say Tesla owners will be safe in the event that the app starts acting up, even without any intervention from hackers. Unfortunately, the app isn't just prone to letting strangers in, as Randev experienced first-hand; it can also keep the owners themselves out.

In 2021, a Tesla app outage prevented users from accessing their vehicles, locking them out until the company was able to resolve the issue. In such cases, owners are at the mercy of Tesla's servers and their car's technology, which doesn't seem very comforting, especially for vehicles the company claims were made with the “highest standards of safety” in mind. So, the next time you drive a Tesla home, perhaps it would be best to make sure you're in the right one before driving off.