Hackers discover new way to steal Teslas at charging stations
If you own a Tesla, you might want to think twice before logging into a Tesla charging station’s WiFi network. Mysk Inc. security researchers Tommy Mysk and Talal Haj Bakry have discovered a new technology that could allow hackers to steal Teslas parked at charging stations using clever social engineering tricks. discovered a vulnerability.
Researchers have published a YouTube video explaining how they were able to create a fake Tesla WiFi network and steal the owner’s login information. Many Tesla charging stations around the world offer his WiFi network called “Tesla Guest” that Tesla owners can use while charging their cars. Researchers created their own “Tesla Guest” WiFi network using a hacking tool called Flipper Zero. When victims try to connect to the network, they are redirected to a fake Tesla login page set up by the hacker. The hacker then steals the victim’s username, password, and her two-factor authentication code directly from the cloned site.
According to Mysk, setting up a fake WiFi network can be done on a variety of devices, including a Raspberry Pi, laptop, and mobile phone. Once the hacker obtains the owner’s credentials, they can log into his real Tesla app. One of the unique features of Tesla cars is that the owner can use his mobile phone as a digital key to unlock the car. Using this feature, researchers were able to set up a new phone key even when they were just a few feet away from the target vehicle.
The potential impact of this vulnerability is concerning. Hackers don’t even have to steal the car right away. Its location can be tracked through the app and later stolen. Maiske pointed out that Tesla owners were not even notified when a new phone key was created, contrary to what the instruction manual states.
When Mysk reported the issue to Tesla, the company responded that it had investigated and concluded there was no problem. However, Mysk believes that to address this vulnerability, Tesla should require physical keycard authentication and notify owners when a new phone key is created.
This isn’t the first time researchers have discovered a way to hack Tesla. In 2022, a 19-year-old hacker claimed to have hacked 25 of his Teslas around the world, but the specific vulnerability has since been patched. Later that year, a security firm discovered another way to hack into Teslas from hundreds of miles away.
As technology advances, it’s important that companies like Tesla take these vulnerabilities seriously and implement robust security measures to protect their customers’ vehicles. The rise of AI technology has also increased the prevalence of phishing and social engineering attacks, making it even more important for responsible companies to consider such risks in their threat models.
Although Mysk’s experiment was conducted for research purposes only, it serves as a reminder of the importance of cybersecurity in an increasingly connected world. Tesla owners should be careful when connecting to their WiFi networks at charging stations and always be on the lookout for potential hacking attempts.
