Tesla Keyless Car Theft Vulnerability: PlaxidityX Discovers Important Vulnerability Security Flaw in Tesla Model 3

TL;DR

According to a UK news report, 58% of vehicle thefts in the UK between April 2023 and March 2024 can be attributed to keyless theft techniques. PlaxidityX Threat Labs research on a Tesla Model 3 reveals that even highly advanced vehicles are vulnerable to keyless theft. This case study highlights how attackers can exploit in-vehicle networks to bypass traditional protections, demonstrating the growing risk across the industry. This underscores the urgent need for proactive, real-time anti-theft solutions, such as PlaxidityX vDome, that are specially designed to protect vehicles against sophisticated keyless theft techniques.

We show up to the lab with coffee, whiteboards, and the kind of half-crazy question that makes everyone sit up: “What if we tried to steal the most advanced car in the world?” It’s part joke, part challenge – and it’s often how our most interesting discoveries begin.

Threat research here isn’t a checklist – it’s driven by imagination. It’s a daily decision: do we tackle privacy, probe an in-vehicle intrusion detection system, or try to understand whether a vehicle’s external interfaces could be compromised? We read papers, test assumptions, and sometimes pick targets because they raise the bar.

Thought experiments quickly become research projects – probing the systems designed to keep vehicles safe from digital theft. Some days end in frustration; other days end with that electrifying moment when a vulnerability is confirmed, and the implications sink in.

In this post, we’ll take you behind the scenes of a typical project at PlaxidityX Threat Labs: a bold idea from a brainstorming session that evolved into a real-world lesson about how connected cars can – and must – defend themselves against cyber theft.

Tesla as a Test Case for Keyless Car Theft

As the automotive cybersecurity industry scrambles to deal with the surge in cyber car theft using CAN injection and other sophisticated techniques, PlaxidityX has been proactively conducting in-depth research into vulnerabilities that could be exploited to steal a vehicle. Our goal in this project was to investigate whether it’s possible to steal a Tesla Model 3 using a CAN injection attack. Tesla was chosen as a test case precisely because of its industry-leading technologies and commitment to the highest levels of software development and security.

PlaxidityX owns a Tesla Model 3 that has been used in the past for various types of research projects. Using this vehicle, we made the relevant recordings of the network traffic in the vehicle], analyzed the data being sent over the CAN network and started to look for a way to hack into that data from an accessible connection. After several weeks of research, we discovered a vulnerability (CVE-2025-6785) in the vehicle network that allows an attacker to inject malicious CAN messages without needing key-based authentication or internal physical access. We found the same vulnerability on the Tesla Model Y as well.

CAN Injection Attack Scenario

We began by connecting a home-made device (similar to the ones criminals purchase on the dark net ) to the OBD (On-Board Diagnostics) port located behind the rear seat. We sent commands over the CAN network to shift the car into drive mode and start the engine, and we were able to drive away. This exploit was made much easier by the fact that in keyless entry systems (found in most modern models today), virtually all of the authentication is done via the network. There’s no need for a physical mechanism (e.g., key) to start the vehicle. Just decide where you want to go and you’re off.

Fortunately, before we disclosed this vulnerability to the relevant parties, Tesla independently discovered this issue in the relevant software version, made the fix, and issued an update (firmware version 2023.44) that renders this particular theft method ineffective. This means all new vehicles and those with automatic updates “enabled” are protected.

Implications for Car Owners

Despite Tesla’s quick and effective mitigation, during the interim period lasting several months (between the time we discovered the vulnerability and the release of Tesla’s software update), Tesla Model 3 vehicles were vulnerable to CAN injection attacks such as that performed by our researchers.

Even today, if for some reason your Tesla is still using the specific version from 2023 that had the vulnerability and you didn’t upgrade to the latest version, your car is still at risk of being stolen via CAN injection. Regardless of the type of car you drive, this vulnerability demonstrates why it’s so important for car owners to upgrade to the latest software version.

As vehicle technologies advance, cyber car thieves constantly hunt for new vehicle vulnerabilities and are already working on the next theft technique. Stay tuned for new discoveries as the PlaxidityX Threat Labs team continues to investigate and examine new vulnerabilities and threats in various vehicle models.

What This Means for OEMs

Given Tesla’s technological prowess and focus on security, this vulnerability highlights the importance of early-stage penetration testing for all OEMs, as well as the need for specialized anti-theft tools designed to mitigate sophisticated cyber theft techniques. If it was possible to steal a Tesla at the beginning of 2024 via CAN injection, just imagine how vulnerable the average car is to cyber theft.

Our research into the Tesla keyless theft vulnerability shows that even the most advanced and highly secure vehicles can be vulnerable to CAN injection and other keyless car theft techniques. As the volume of software in today’s vehicles continues to grow, so does the likelihood of having one or more vulnerabilities.

And vulnerability detection is not the only challenge. Once a vulnerability has been found in a vehicle already on the road, it takes time for an OEM to patch the software, identify the affected vehicles and release a software update. The question is – what happens in the meantime?

It is precisely this gap that has created a need for proactive keyless car theft prevention solutions, such as PlaxidityX vDome. This software solution detects cyber theft attempts in real time, and immediately triggers a prevention action to prevent the theft before it happens. Ongoing updates based on threat intelligence protect against future theft techniques and evolving attack vectors.

Contact us to learn more about how vDome can help you protect vehicles from the latest cyber theft techniques.

About PlaxidityX Threat Labs

PlaxidityX Threat Labs is a team of security researchers and data scientists who focus on innovation in the cybersecurity world, both from an offensive and a defensive perspective. They work hand-in-hand with the company’s product team to discover, understand and address real problems challenging the automotive industry.

This team, composed of seasoned cyber experts, is focused on finding vulnerabilities across the automotive ecosystem. They search for and thoroughly investigate potential vulnerabilities related to vehicle security, car theft and data privacy.

In many cases, they discover serious issues that impact both consumers and vehicle manufacturers (OEMs and Tier 1 suppliers). Their insights as white hat hackers often serve as the basis for new PlaxidityX products, such as vDome.

FAQ

• What is keyless car theft?

  Keyless car technology allows drivers to unlock and start their cars without physically inserting a key. While revolutionizing vehicle security and convenience, these systems have also introduced vulnerabilities that are being exploited by tech-savvy thieves. Keyless car theft techniques typically employ specialized devices, such as laptops and coding tools, to unlock and start vehicles in less than a minute. Examples of common keyless car theft techniques used today include CAN injection, OBD port hacking, key fob cloning, and relay attacks.

• What is the impact of keyless car theft on OEMs?

  Keyless car theft has become a systemic risk for automotive manufacturers, affecting brand reputation, regulatory compliance, and long-term vehicle cybersecurity strategy. As keyless theft methods proliferate, vulnerabilities can affect entire vehicle platforms, creating negative publicity and eroding customer confidence and sales. In addition, OEMs that have not taken sufficient measures to protect their vehicles from keyless car theft techniques potentially face serious legal consequences. From a regulatory standpoint, OEMs are required to identify, mitigate, and manage cybersecurity risks (also relevant for keyless theft techniques) throughout the vehicle lifecycle.

• What are the cost implications of keyless car theft for the automotive industry?

  Car theft is hitting record highs in the US and Canada, costing the industry billions of dollars annually and causing huge disruptions for car owners, OEMs, fleet operators and insurance companies. In the US, for example, more than 850,000 vehicles were stolen in 2024. Globally, approximately 60% of car theft incidents can be attributed to keyless theft techniques such as CAN injection and key fob duplication. In Canada, insurers are paying over $900 million annually in claim losses to replace stolen vehicles (2025).

• What is a CAN injection attack?

  This technique directly exploits vulnerabilities within a vehicle’s CAN bus protocol. Thieves use a “CAN invader” device to physically connect to the vehicle’s network, typically via seemingly inconspicuous points like headlight wiring or a diagnostics port. Malicious CAN messages are then injected into the vehicle’s internal network, mimicking legitimate commands (e.g., “start engine”). This malicious injection disables the immobilizer, unlocks the doors, and starts the engine.

• What is the best way to protect against keyless car theft?

  The next generation of vehicle protection requires proactive, adaptive, and intelligent systems. Platforms like vDome are designed to continuously update against new theft methods, providing real-time detection and prevention with zero false alarms. By integrating with ECUs and aftermarket devices, vDome offers layered defense against CAN injection and key fob replication attacks. To combat keyless theft, OEMs need an active, embedded agent that prevents theft at the source – rather than tracking a vehicle after it’s gone.