Modern connected vehicles rely on persistent LTE connectivity to enable remote diagnostics, over-the-air (OTA) updates, and safety-relevant services. While mobile network vulnerabilities are well documented in the smartphone ecosystem, their impact in safety-relevant automotive settings remains insufficiently examined. We conduct a black-box case study of LTE security in Tesla's Model 3 and Cybertruck, revealing systemic protocol weaknesses and architectural misconfigurations in connected vehicles. We find that Tesla's telematics stack is susceptible to IMSI catching, rogue base station hijacking, and insecure fallback mechanisms that may silently degrade service availability. Furthermore, legacy control-plane configurations allow for silent SMS injection and broadcast message spoofing without driver awareness. While the vulnerabilities are grounded in Tesla, this case study suggests broader implications for connected-vehicle telematics and for regulatory frameworks such as ISO/SAE 21434 and UN R155/R156, which assume secure, traceable, and resilient telematics in modern vehicles.