Listen, I don’t know if we’ve covered that much positive news about Teslas on the road, but I’m sure there are owners out there who love Teslas.
But recent research suggests these owners should stay close to their cars when charging at public stations.
That’s because WiFi networks seem to be easily hacked by people who know what they’re doing.
Security researchers Tommy Mysk and Tala Haj Bakry from Mysk Inc. demonstrated their findings in a recent YouTube video. In it, they claim that all a hacker needs is $169 to get a hacking tool called Flipper Zero, a Raspberry Pi, or a laptop to run it.
“This means owners could lose their Teslas if their emails and passwords are compromised. Phishing and social engineering attacks have become very common today, especially with the rise of AI technology. “Responsible companies must factor such risks into their threat models.”
Cybersecurity researchers are wary of all keyless entry models because it is difficult to make them actually secure. With these hacking tools, all a hacker needs to do is impersonate a real-looking WiFi network called “Tesla Guest.”
Many people use this free network while waiting to charge their car. This means you will be accessing it using your login information. From there, the hacker is able to bypass her two-factor authentication, log into the victim’s Tesla app and unlock her vehicle without requiring a “key” or card at all. You can then create a new phone key so you can come back and drive it later.
As of now, Tesla does not notify users when a new key is created, which seems like a huge oversight.
Mysk tested this on his Tesla and easily created a new phone key without having to access the original phone key. Tesla started saying it wasn’t possible.
When faced with this finding, they claimed in an interview that it was an “intended action.”
Image credit: Shutterstock
Maisk (and I’m sure others) calls this idea “ridiculous.”
“The design of pairing phone keys is clearly made to be very easy at the expense of security.”
An easy way to get around this would be to simply notify the user of the new key, but Tesla has not commented on making this happen.
They probably have a long list of problems to solve.
Just saying.
If you liked this story, check out what happened when a guy gave ChatGPT $100 to make as much money as possible. And it turned out exactly as you expected.
