A team of researchers has exposed serious wireless security flaws in Tesla’s Model 3 and Cybertruck, demonstrating that the vehicles’ LTE connectivity can be intercepted and hijacked using techniques already well known in the telecom hacking world. The findings, drawn from a black-box analysis of Tesla’s telematics systems, describe cars that are effectively networked computers with attack surfaces that extend far beyond their physical frames. Paired with a separate, already-cataloged code execution vulnerability in the Model 3, the research paints a troubling picture for owners who depend on always-connected features for navigation, remote access, and software updates.
LTE Flaws Open the Door to Remote Interception
The core research, a preprint titled “Security Analysis of LTE Connectivity in Connected Cars: A Case Study of Tesla” and published on arXiv, performed a black-box security analysis of the LTE and telematics connectivity stack in both the Tesla Model 3 and Cybertruck. Rather than requiring physical access to the vehicle or its internal systems, the researchers focused on what an attacker could accomplish wirelessly, probing the cars’ cellular connections from the outside. Their findings identified susceptibility to IMSI catching, a technique where a device mimics a legitimate cell tower to capture a vehicle’s unique subscriber identity. Once captured, that identity can be used to track the car’s location or intercept its data traffic.
The same analysis also found the vehicles vulnerable to rogue base-station hijacking, where an attacker sets up a fake cellular tower and forces the car to connect to it instead of a legitimate network. This type of attack is not theoretical; law enforcement agencies and security researchers have used similar equipment for years to surveil mobile phones. What makes the Tesla findings distinct is the context: a hijacked cellular connection on a car could allow an attacker to interfere with over-the-air software updates, manipulate navigation data, or disrupt the real-time telemetry that Tesla vehicles continuously transmit. The researchers also flagged insecure fallback mechanisms, meaning that when the car loses its primary LTE connection, the way it reconnects may itself introduce additional weaknesses.
A Known Code Execution Bug Adds Urgency
The LTE vulnerabilities do not exist in isolation. A separate and already-documented flaw, designated CVE-2025-2082, targets the Tesla Model 3’s VCSEC module, the subsystem responsible for vehicle security functions including key authentication. According to the National Vulnerability Database description, this is an integer overflow vulnerability that enables remote code execution. The entry, detailed on April 30, 2025, specifies that the attack vector is network-adjacent, meaning an attacker does not need to be on the internet at large but does need to be within wireless range of the target vehicle.
That proximity requirement might seem like a limiting factor, but it aligns directly with the LTE attack scenarios described in the Tesla connectivity research. An attacker who successfully deploys a rogue base station near a parking garage, charging station, or busy intersection would already be in the right position to attempt exploitation of CVE-2025-2082. The combination of a wireless interception path and a code execution endpoint creates a chain where one vulnerability amplifies the danger of the other. Tesla has not publicly disclosed a patch timeline for CVE-2025-2082 based on available sources, and the separate NVD listing does not reference a vendor advisory or fix.
Northeastern Researchers Confirm Broader Risk
Independent work from Northeastern University reinforces the arXiv team’s conclusions. In a report dated February 2026, Northeastern researchers reported security vulnerabilities in Tesla’s Model 3, specifically within the vehicles’ wireless connectivity stack. Their findings confirmed that hackers could exploit wireless systems and that the vehicles are susceptible to attacks. The Northeastern work is significant because it arrives from a separate institution using different methods, yet reaches the same essential conclusion: Tesla’s wireless architecture has exploitable gaps.
What makes the Northeastern findings especially relevant for drivers is the practical implication. These are not obscure firmware bugs that require a laptop plugged into a diagnostic port. The vulnerabilities sit in the wireless layer itself, the same systems that enable features owners use daily: unlocking the car with a phone, streaming music, receiving navigation updates, and downloading Tesla’s frequent over-the-air software patches. If an attacker can compromise that wireless layer, the potential consequences range from data theft and location tracking to interference with safety-critical functions.
Why Fleet-Scale Connectivity Raises the Stakes
Most coverage of automotive hacking treats each vulnerability as an isolated incident, a single bug to be patched and forgotten. But the pattern emerging from these independent sources suggests a structural problem rather than a series of one-off mistakes. Tesla’s vehicles rely on persistent LTE connections for nearly every differentiating feature: Autopilot map updates, Sentry Mode cloud uploads, remote climate control, and the Tesla app’s ability to summon or locate a car. Each of those features assumes a trusted connection between the car and Tesla’s servers. The arXiv preprint’s finding that this trust can be broken through IMSI catching or rogue base stations means the entire feature set built on top of that connection inherits the risk.
The challenge is compounded by Tesla’s proprietary approach to its telematics hardware. Unlike smartphones, where users can install VPN software or toggle cellular settings, Tesla owners have little visibility into or control over how their cars attach to networks, authenticate to backend servers, or validate software updates. That opacity leaves drivers dependent on Tesla’s internal security practices and patch cadence, yet the CVE-2025-2082 record currently shows no vendor advisory or remediation details. At the same time, the Northeastern team notes that these issues are not confined to one model or one firmware version, framing the problem as a broader design challenge in how connected cars integrate cellular connectivity with safety-critical systems.
What Owners and Regulators Can Do Next
For Tesla owners, the research does not mean every vehicle is on the verge of compromise, but it does highlight a need for more cautious use of connected features. Parking for long periods near unfamiliar cellular equipment, accepting in-car prompts for updates in suspicious locations, or relying exclusively on remote access for locking and unlocking may all carry more risk than most drivers assume. Owners have limited technical recourse, but they can watch for official security notices, install software updates promptly once Tesla documents fixes, and consider limiting nonessential connectivity when practical. The broader lesson is that convenience features built on wireless links can become liabilities when those links are not robustly authenticated and monitored.
For policymakers and industry groups, the convergence of the LTE connectivity analysis, the documented VCSEC flaw, and the Northeastern findings underscores the need for clearer standards around automotive telematics security. Requirements for mutual authentication between vehicles and networks, stronger protections against rogue base stations, and transparent disclosure timelines when critical vulnerabilities are discovered could all help reduce systemic risk. As cars become more like smartphones on wheels, the expectation that their wireless infrastructure should withstand hostile radio environments is no longer optional, it is a baseline for public safety.
More from Morning Overview
*This article was researched with the help of AI, with human editors creating the final content.
