Security Analysis of LTE Connectivity in Connected Cars: A Case Study of Tesla

TL;DR

This paper presents a security analysis of LTE connectivity in Tesla vehicles, revealing systemic vulnerabilities that could compromise safety and challenge existing automotive cybersecurity standards.

Contribution

It provides a novel black-box analysis of LTE in connected cars, identifying specific protocol weaknesses and architectural misconfigurations in Tesla's telematics system.

Findings

Susceptibility to IMSI catching and rogue base station hijacking

Insecure fallback mechanisms degrading service silently

Legacy configurations enabling silent SMS injection and spoofing

Abstract

Modern connected vehicles rely on persistent LTE connectivity to enable remote diagnostics, over-the-air (OTA) updates, and critical safety services. While mobile network vulnerabilities are well documented in the smartphone ecosystem, their impact in safety-critical automotive settings remains insufficiently examined. In this work, we conduct a black-box, non-invasive security analysis of LTE connectivity in Tesla vehicles, including the Model 3 and Cybertruck, revealing systemic protocol weaknesses and architectural misconfigurations. We find that Tesla's telematics stack is susceptible to IMSI catching, rogue base station hijacking, and insecure fallback mechanisms that may silently degrade service availability. Furthermore, legacy control-plane configurations allow for silent SMS injection and broadcast message spoofing without driver awareness. These vulnerabilities have implications beyond a single vendor as they challenge core assumptions in regulatory frameworks like ISO/SAE 21434 and UN R155/R156, which require secure, traceable, and resilient telematics for type approval of modern vehicles.