“This means owners could lose their Tesla vehicles if their emails and passwords are compromised.”
tesla theft
Researchers have discovered that hackers can easily take over the WiFi network of a Tesla charging station and steal the vehicle. This is an obvious cybersecurity vulnerability that requires only affordable off-the-shelf tools.
It was first discovered, as security researchers Tommy Mysk and Talal Haj Bakry of Mysk Inc. demonstrated in a recent YouTube video. gizmodo — All a hacker needs is a simple $169 hacking tool called Flipper Zero, a Raspberry Pi, or a laptop.
“This means owners could lose their Teslas if their emails and passwords are compromised,” Miske said. gizmodo. “Phishing and social engineering attacks are so common today, especially with the rise of AI technology, that responsible businesses must factor such risks into their threat models.”
And it’s not just Tesla. Cybersecurity researchers have long warned against the use of keyless entry in the auto industry, putting modern vehicles at risk of theft.
hashtag guest
Here’s how the ruse works: Using their weapon of choice, the hackers create a fake girlfriend WiFi network called “Tesla Guest” that pretends to be real.
If a victim attempts to access a network that EV manufacturers typically offer free to waiting customers, they may be tricked into visiting a duplicate site and abandoning their login.
This stolen login information could be used to bypass Tesla’s two-factor authentication, log into the victim’s Tesla smartphone app, and unlock the vehicle without the need for a physical card. there is.
Once logged in, the hacker can also create a new “phone key” that they can later return to the vehicle and drive off with the key without arousing suspicion.
That’s because, as Mysk and Bakry point out in the video, Tesla doesn’t actually notify users when a new key is created.
Mysk tested the vulnerability on his Tesla and found that it was easy to create a new phone key without having access to the original physical key card. That’s despite Tesla’s instruction manual promising that it’s not possible.
When Maisk told Tesla about his findings, the EV maker downplayed the vulnerability and said it was all by design and “intended behavior,” a claim Maisk denied in an interview. It’s ridiculous.” gizmodo.
“It’s clear that the design of pairing phone keys is made to be very easy at the expense of security,” he said.
Maiske argues that automakers could easily eliminate the vulnerability by simply notifying users when a new phone key has been created.
But it remains to be seen whether the company will follow his word.
Learn more about Tesla: Tesla’s official Cybertruck camping attachment is absolutely hilarious
