The problem could become more prevalent as more brands move to phone-based keys
A 21-year-old man has been arrested in Texas after stealing a Tesla Model 3 from a rental company using only the Tesla app, hinting at what could become a more common issue across the industry.
It’s believed the man gained access to the car by manipulating the Tesla app to unlock and start it, as well as disable GPS tracking.
Computer forensics specialist, Mark Lanterman, believes the suspect was able to do this using a loophole in Tesla’s procedures.
“What it sounds like this person may have done is convince Tesla to take the VIN number of that vehicle and add it to his Tesla account,” he said in a statement quoted by Electrek.
“By doing that, you can do that with a phone call. By doing that, you can now control the Tesla from an app on your phone.”
This procedure is usually reserved for Tesla owners with loan vehicles who wish to use mobile features, such as unlocking and starting the car without the need for keys.
The suspect had previously rented the same car from Trevls, and had his phone linked to the car while in his possession. The rental company’s CEO said his authentication was removed when the car was returned, and wasn’t able to confirm how the suspect managed to get in a second time around.
Despite disabling GPS tracking, the suspect was caught because the car’s owners could see when and where he was stopping to charge the car at Tesla’s supercharger points.
The security element of remotely accessed cars will likely grow in relevance over the coming years, with more manufacturers such as Lynk & Co and Volvo looking to do away with traditional keys in future models.
Although they’re designed to make life easier for people who want to loan their cars to friends or family members, and potentially open the door for more advanced car sharing, there’s also a new set of risks associated with relying on a digital key.
MORE: Tesla news, reviews, comparisons and videos