🤖 AI Summary
This study conducts a black-box security analysis of the LTE connectivity in the Tesla Model 3 and Cybertruck, identifying systemic protocol vulnerabilities and architectural misconfigurations affecting remote diagnostics, OTA updates, and security-critical services. Using non-invasive techniques (cellular protocol reverse engineering, control-plane configuration auditing, and radio signal degradation monitoring), we empirically uncover, for the first time in production smart vehicles, three high-severity vulnerabilities: IMSI capture, rogue base station hijacking, and silent SMS injection. Our findings demonstrate that the LTE link is susceptible to remote manipulation, resulting in undetected degradation of service availability. This directly challenges foundational assumptions in ISO/SAE 21434 and UN Regulation R155/R156 regarding the trustworthiness of vehicular communication channels. The work provides critical empirical evidence and actionable technical insights to refine automotive cybersecurity compliance frameworks and mitigate wireless attack surfaces in connected vehicles.
📝 Abstract
Modern connected vehicles rely on persistent LTE connectivity to enable remote diagnostics, over-the-air (OTA) updates, and critical safety services. While mobile network vulnerabilities are well documented in the smartphone ecosystem, their impact in safety-critical automotive settings remains insufficiently examined. In this work, we conduct a black-box, non-invasive security analysis of LTE connectivity in Tesla vehicles, including the Model 3 and Cybertruck, revealing systemic protocol weaknesses and architectural misconfigurations. We find that Tesla's telematics stack is susceptible to IMSI catching, rogue base station hijacking, and insecure fallback mechanisms that may silently degrade service availability. Furthermore, legacy control-plane configurations allow for silent SMS injection and broadcast message spoofing without driver awareness. These vulnerabilities have implications beyond a single vendor as they challenge core assumptions in regulatory frameworks like ISO/SAE 21434 and UN R155/R156, which require secure, traceable, and resilient telematics for type approval of modern vehicles.