Just In Case You Want To Charge Your Neighbor’s Tesla

Tesla vehicles have a charging port that is under a cover that only opens on command from a charging station. Well, maybe not only. [IfNotPike] reports that he was able to replay the 315MHz signal using a software defined radio and pop the port open on any Tesla he happened to be near.

Apparently, opening the charging port isn’t the end of the world since there isn’t much you can do with the charging port other than charging the car. At least, that we know of. If history shows anything, it is that anything you can get to will be exploited eventually.

Apparently, it was as simple as record and replay to get the sesame to open. However, if you are too lazy to get to do your own recording, GitHub can help you out.

While this seems benign, it also seems like it would have been easy enough to avoid this problem. We get that you don’t want something as mundane as having to push a button to open your charging port, but we can think of half a dozen ways that would work fine and wouldn’t be subject to people opening your hatch from a long distance away.

Cars seem to have a history of having worse security than garage door openers. Seriously.

67 thoughts on “Just In Case You Want To Charge Your Neighbor’s Tesla

  1. So what?

    I can open the ‘charger port’ on almost any ICE car on the road (you may know it as the gas cap), and I’m not aware of any wide-spread shenanigans.

    Why couldn’t it be enough to say that Teslas open their charger doors when they get close to a charging station, which emits a simple signal in the 315 MHz frequency range?

    “Tesla vehicles have a charging port that is under a cover that only opens on command from a charging station.”

    Is there really no other way to open the charging port on a Tesla? Really? There’s no button, lever, menu item, etc?

    1. “I can open the ‘charger port’ on almost any ICE car on the road”

      No you can’t. All ICE car gas flaps (manufactured in this millennium) are locked when the car is also locked.

          1. My 2015 Ford Focus has no lock. It’s a push-push mechanism, with not even so much as a gas cap on it. I haven’t seen a _locking_ gas door in a long time. Sure you’re looking at vehicles that are 2015+? It’s definitely a car thing.

          2. I have a 2016 RAV4 and my gas door locks, so…seems to be somewhat common. I worked in the vehicle rental industry. It depends on the manufacturer, not the year.

        1. I think that is a pickup thing, being designed more as business vehicles.

          All ‘normal’ cars I have seen lock the cap. Most leave it unlocked for a few minutes after turning off the car so you can fill up easily without the key, so most people don’t notice.

          There usually also is a mesh inside the fill port to prevent fuel theft.

        1. Heheh. Tale er sølv tavshed er guld. Jeg har købt en remote på wish der er universal tesla alle modeller hele verden
          Jeg bor I Denmark =eu. Men den køre 315mhz og underligt nok virker den fint men min flipper zero bruger jeg 433mhz på før det virker.
          Når jeg aflæser universal remoten så det somsagt 315mhz
          Er der en klog forklaring på hvorfor????
          Have a good day

    2. Wide spread shenanigans? Where do you live?

      Because in the rest of the world, full of thieves and scammers, gas caps lock or the cover has to be opened from inside the car. For decades now.
      Hence the scumbags steal gas by drilling holes into plastic gas tanks now.

      Charge ports aren’t particularly ‘exploitable’ (as far as I can see).
      But lazy habits are likely carried into other areas of the car.

      Let us send Teslas an unauthorized update, that bricks them all.
      But first out of the money puts, lots of them.

      1. On many modern cars their drivers don’t necessarily even know the gas cap lid locks up. Often it is set up so that it stays unlocked for a couple of minutes after turning off the vehicle, which is enough to cover 99% of situations where you would want to fill the tank.

      2. Can’t wait to laugh when drilling eventually goes wrong. Not about the people being desperate… but turn off the lights, wait for your eyes to adjust and pull the trigger on your drill while looking into the vent ports. Spoiler, big blue sparks. :-D

    3. “On a command from the charging station” Not really. You can open it by tapping the cover or by pressing one of a couple buttons on the front screen. And I’ve yet to see one “automatically” open the charge port anywhere

    4. > Is there really no other way to open the charging port on a Tesla? Really? There’s no button, lever, menu item, etc?

      Since you ask, you can open a Tesla charge port when the car is unlocked and in park by

      – tapping it
      – pressing an icon on the screen inside
      – pressing a button on the charger cord (this is the 315 MHz one)
      – pressing an icon on the phone app (uses either WiFi or cellular data)
      – pressing the button on any public charger cord (also 315 MHz)
      – pulling a cable that can be accessed by removing part of the trunk lining

      I don’t think any of these work when the car is locked (except the cable), but haven’t tested them all. My car unlocks itself every time my phone gets near.

      1. Per the fine manual (https://www.tesla.com/ownersmanual/models/en_us/GUID-BEE08D47-0CE0-4BDD-83F2-9854FB3D578F.html) being able to open the charging port with the 315MHz signal without the car being unlocked and/or a key seems to be a design decision. (this duplicates what kbob stated)

        We can argue if it is a good design, but it is on purpose and documented (so IMaO, this isn’t much of a hack).

        Given that the signal seems to be built into non-Tesla chargers, this is probably also doable on most if not all EVs (maybe with a “key must be present” feature).

  2. It’s when the power connector gives you access to the CAN bus, letting you unlock/start the vehicle/give it a way point to steal itself or perhaps it’s bidirectional under certain circumstances and you can syphon the electricity out.

  3. On my Tesla it only lets you open the port when the car is unlocked. The reason there is no auth on this is so you can open it with public superchargers. If it is raining for example the capacitive touch sensor on the cover wont always work.

        1. I find 9 out of 10 teslas will pop their fuel cap when the radio signal is broadcasted. Surely 1 out of 10 can’t be the only teslas with locked doors. I’m not sure why they refuse to play the game, but some don’t.

    1. i can open a gas cap if it is iced over, in a hail storm, under water, on the moon. weather conditions and infrastructure should not matter when it comes to a piece of equipment thay is meant to improve survival rates and quality of life. hence why a proper paper map will always be better than a phone in an emergency and why a proper radio will always be better than a phone. the tool fits.the job and does said jon no matter what. i would choose a good dog over a cell phone in an emergency any day of the week. electric cars being the cell phone and almost anything without a computational device being the dog. “smart” cars are literally dumb as hell.

  4. We have truly entered the 21 century, history will eventually look back and see:
    R.I.P.: Internal Combustion Engine, and short lengths of hose to syphon petroleum.
    Hello: bi-directional charging ports, and short lengths of wire to syphon electricity.

    1. But fear not, in the 22-24 century, history will eventually look back and see:
      R.I.P.: bi-directional charging ports, and short lengths of wire to syphon electricity.
      Hello: Spaceship Engines, and short lengths of hose to syphon rocket fuel.

  5. Put said transmitter on a UAV with a 20W amplifier. Effect still limited to mild annoyance but at scale. That said providing mild annoyance at scale has been the main stay for many a TV and radio host for many years.

  6. Apparently, teslas use some variant of homeplug on the charging wires to do proprietary comms between the car and tesla supercharger.. this is separate from the (very basic) standardised non charge pin functions.. If this homeplug interface is ip, it may be possible to gain access to the car’s internal “secure” network…

  7. I wonder how long before they change it for a rolling code. Or better yet, have the car talk to the charger to give a seed and the charger sends back an answer the car can verify.

  8. So “you get what you pay for”? :P
    I know people that has poured sugar in a gasoline tank with funny effects.
    I can imagine same people.making a short circuit putting ONE wire bridging the two poles. Nice to see…

  9. any vehicle designed with automated or non-manual mechanisms is missing the design goal of said vehicle… for it to be continually operable for as long as possible. motors, excess wiring are just waiting to fail. where a good old fashioned latch will last an eternity. i have known a few people to even avoid electric windows for longevity’s sake. eg expensive auto opening hatches. i also hate those because they are too slow. the more simplified the mechanism that can be used to achieve the goal, the better in my book.

    1. Electric vs. manual window reliability sounds reasonable, but not born out by my experience. Electric windows seem to be very reliable these days. The past four cars I’ve owned/own all had or have electric windows and none have failed nor any problems. I had owned/are owning them for 13, 10, 17, and 11 years.

      1. i have 20 year old electric windows. and my original gas shocks on the hatch. but they are starting to wear down. im afraid to look at the cost and availability of replacements for the electric motors as it is now a “classic”. hope i can get another 20 years out of them. just sayin, that chinsy looking hatch seems like it would break in no time flat. or get gunked up with tree sap or other debris. when i was younger i worked at a car wash… serviced over 300 cars a day… fancy mechanisms always seemed to be broken on cars that were relatively new. i especially noticed the shoddy interior bits on vw cars were nearly always broken because they all had some overly complex mechanism for opening a lid or compartment. it was gimmicky and laughably weak in design.

    2. Having owned 20+ cars in my life, the only window mechanism I’ve ever had fail was a manual one on a Jeep Cherokee. Not sure what nonsense you’re talking about, mechanical latches fail all the time.

  10. while we are on the subject of tesla cars…. they are easy to break. little more than rich boy toys. also super useless for doing anything other than transporting humans on the best paved roads. they have nothing to offer anyone that does real work, or does anything outside of transporting useless human meat to the grocery store.

    on the other hand, my 20 year old classic car can carry small water craft on top, no less than 10 sheets of 3/4 inch plywood, fit 5 humans and 3 monster dogs at the same time, and still get 30mpg highway, oh, and will still give that shit tesla a run for its money as soon as you make them the same weight, ie: add an actual real world workload to that turd and it’s garbage suspension system. i will so throw that tesla turd in the dust on any back road or offroad scenario.

    we could continue to run ice engine cars for literally a thousand years if we just got rid of our military industrial complex. and a single cruise ship off the ocean produces as much carbon as every single car in the uk.

    stop letting corporate propaganda make you think that you are the problem and point the finger in the right direction. thanks..

    1. You get a boat, 10 sheets of ply, 5 humans and 3 “monster” dogs in a car at the same time and manage to get 30mpg. If I’ve understood you correct I find that hard to believe.

      1. manual transmission. i can milk it. also, I draft semi trucks to save gas once I hit the highway. I can toss it in neutral when a red light pops up. And I generally try to gain most of my speed when going down a hill, and go soft on the gas when i’m going up a hill. I regularly drive it with my boat on top and literally run it all the way out to accelerate and i still get at or over the manufacturer rated mpg’s when i do the math at fill up. Some engines and cars are just better than others. Granted, my car is older when the regulations for mpgs were no where near as harsh. You buy your car for your use case, not the numbers on the side. If ya don’t believe me, go back to that old episode of top gear where Clarkson Hammond and May ran a prius and a diesel v8 around the track as hard as they could to see which one got the best gas mileage. spoiler alert… if you don’t drive a prius like a grandma, then you get garbage gas mileage. It’s sort of fun to do eco runs when you have nothing but the analog gas gauge mileage counter, and your rev meter to go by. I mean, knowing the available torque at any given rpm range helps get better mileage as well. I took a 13 camry that was getting 21mpgs according to the dash, and got it up to 30 just based on how I drive it and how I time the stop lights. Avoiding big clumps of traffic tends to help because people tend to accelerate than smash the brakes quite often. So just hanging back and letting a few people pass and holding your speed as consistently as possible appears to work rather well. If ya really wanna save cash on gas, change the time that you travel if you can to avoid big rushes. eg: if i leave to pick up my kid from school 5 minutes earlier, I avoid most of the traffic. Oh, and btw… it’s an all wheel drive car to boot. I shouldn’t be able to get that kind of gas mileage. Also, it gets better mileage on premium, which costs more, so I have to do a cost to mileage calculation when I fill up, lately premium is too expensive for me to hit that 30mpg, so I sacrifice a few mpg’s to save money.

        1. Better mileage on premium is a myth, at least on my (well-maintained) car. I’ve tried to assemble statistics with going 1 year on premium fuel and 1 year on regular fuel, and I couldn’t see any difference.

          1. It’s very much a “swings and roundabouts” kind of thing. There are numerous variables, some of which are best regarded as constants as it is difficult/expensive to change them. In the situation of a built for Europe car introduced into North America, it’s quite likely the case that it is higher compression for Euro 98 octane, which is equivalent I think to 96 octane North American because of different octane rating standards, RON vs (MON+RON)/2. Those motors often have an ignition retard program in the ECU for running on 88 octane, which results in poor mileage, vs the premium they are best tuned for, where tune is a combo of cam profiles and timing, ignition timing and compression. This seems a little ass backwards because higher octane is a little less BTU per pound, but it’s a question of the flame speed, piston speed and getting all the oomph to the crankshaft. I think even rod ratios can affect it. Basically at higher compression on lower octane, the bang happens too fast and before all the pressure can be converted to mechanical energy, some of it is lost to the cylinder walls as heat.

            In one motor I was running over a decade back, I had mechanical control of base ignition advance, I advanced it for best MPG on regular… imagine my surprise, when on one occasion it turned out the regular pump was broke at a station and I put midgrade in, that it did 5% better still on that… it wasn’t the one off either… every time midgrade got within 5% of regular, I tried it again, and yup, 5% better mileage… having confirmed that to my own satisfaction, I put a tank of premium in it… annnnnd… worse mileage than regular… weird huh? IDK if I could have got the base timing tweaked a tad more to do even better on midgrade and good on premium, but I figured there might only be a percent or two in it, and midgrade pricing was yoyo-ing between 3 and 15% difference, so didn’t wanna screw up the mpg gain on regular, for a maybe on midgrade when the price difference might kill savings half the time.

            Other motors, I have tried some adjustments and fudging sensors a little for more advance, but the OBDII ECUs usually tune it out within half a tank so null results prevail.

        2. Some cars get better mileage if you leave them in gear while you coast to a red light, because the injectors get switched 100% off during engine braking. I don’t think *all* cars do this, because IIRC there’s a big spike of NOx right when the throttle is closed. So it might be worth checking. This is Hackaday, so I’m sure you can figure out how to measure the duty cycle of one of your fuel injectors :-)

  11. The 315mhz receiver in the CP (Charge Port) ECU goes to sleep after about 10 minutes, thus shutting down the ability to open this way. There are some conditions where the sleep will not happen, but for the most part it’s done to stop “vamipre loss”. There is single-wire CAN available in the CP, as well as PLC (Power Line Comms), but neither can be used to access the Vehicle’s internal CAN buses, they are used only for charger comms.

  12. Look at what you did now! oh the unintended consequences, who would have thought? lol!
    Tesla freezes and becomes unresponsive at 83mph, Tesla tech says “poor communication from charge port door caused power conversion system to shut off in order to protect onboard components during the drive.”

    zerohedge com/technology/watch-driver-tesla-says-computer-froze-83-mph

Leave a Reply to Phil BarrettCancel reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.