Abstract:Modern connected vehicles rely on persistent LTE connectivity to enable remote diagnostics, over-the-air (OTA) updates, and critical safety services. While mobile network vulnerabilities are well documented in the smartphone ecosystem, their impact in safety-critical automotive settings remains insufficiently examined. In this work, we conduct a black-box, non-invasive security analysis of LTE connectivity in Tesla vehicles, including the Model 3 and Cybertruck, revealing systemic protocol weaknesses and architectural misconfigurations. We find that Tesla's telematics stack is susceptible to IMSI catching, rogue base station hijacking, and insecure fallback mechanisms that may silently degrade service availability. Furthermore, legacy control-plane configurations allow for silent SMS injection and broadcast message spoofing without driver awareness. These vulnerabilities have implications beyond a single vendor as they challenge core assumptions in regulatory frameworks like ISO/SAE 21434 and UN R155/R156, which require secure, traceable, and resilient telematics for type approval of modern vehicles.
Submission history
From: Evangelos Bitsikas [view email]
[v1]
Fri, 24 Oct 2025 21:03:48 UTC (11,209 KB)