Security researchers Tommy Mysk and Talal Haj Bakry demonstrated how easy it could be to steal Tesla owners’ login credentials using fake WiFi networks set up at Tesla charging stations.
Copying car key through a fake Tesla charging station
Using a simple hacking tool called Flipper Zero, priced at $169, the researchers set up their own “Tesla Guest” WiFi networks. When Tesla owners connected to this fake network, they were redirected to a fraudulent Tesla login page, where usernames, passwords, and two-factor authentication codes were stolen.
This method poses a new security threat to Tesla owners. Hackers can access the real Tesla app with the stolen information, track the vehicle’s location, and potentially steal it later.
When Mysk reported this issue to Tesla, he stated that the company did not recognize it as a problem. The researchers were able to abuse Tesla’s digital key feature to set up a new phone key without a physical key card.
This presents a significant security risk as it does not require a physical card, contrary to what is stated in the Tesla Model 3 owner’s manual. Mysk suggests that Tesla could solve this issue by making physical key card verification mandatory and sending notifications to owners when a new phone key is created.
This method indicates that Tesla and other electric vehicle manufacturers need to take significant steps to enhance vehicle security. It highlights the necessity for electric vehicle owners to be more security-conscious.
Additionally, it underscores the need for continuous updates and improvements to vehicle security systems by manufacturers. The discovery and publication of such security vulnerabilities can serve as a lesson for other companies in the industry and contribute to the development of safer vehicle technologies.
Feel free to share your thoughts on this issue in the comments section below.
{{user}} {{datetime}}
{{text}}