Listen, I’m not sure we’ve really heard all that many positive news stories about Teslas on the road, but I’m sure there are owners out there who love them.
According to recent research, though, those owners should stick close to their vehicles when they’re charging at public stations.
That’s because it seems the WiFi networks there are easily spoofed by those who know what they’re doing.
Security researchers Tommy Mysk and Tala Haj Bakry of Mysk Inc. demonstrated their findings in a recent YouTube video. In it, they claim hackers would only need $169 to grab a hacking tool called Flipper Zero, or a Raspberry Pi, or just a laptop to pull it off.
“This means with a leaked email and password, an owner could lose their Tesla vehicle. Phishing and social engineering attacks are very common today, especially with the rise of AI technologies, and responsible companies must factor in such risks in their threat models.”
Cybersecurity researchers have been wary of all keyless entry models because of the struggle to really make them secure. With these hacking tools, all hackers have to do is spoof a WiFi network called “Tesla Guest” that looks like the real thing.
Lots of people use this free-of-charge network while they’re waiting for their cars to charge, meaning they would use their login information to access it. From there, hackers could skirt the two-factor authentication and log in to the victim’s Tesla app and unlock the vehicle without needing a “key” or card at all. Then they could create a new phone key, allowing them to come back later and drive it off.
As of now, Tesla doesn’t notify the user if a new key is created, which seems like quite the oversight.
Mysk tested this out on his own Tesla and easily created new phone keys without having access to the original. Tesla, for their part, started out saying it wasn’t possible.
When confronted with the findings, they claimed in an interview that it was an “intended behavior.”
Mysk (and I’m sure others) calls this idea “preposterous.”
“The design to pair a phone key is clearly made super easy at the expense of security.”
Simply notifying users of new keys would be an easy way to help people avoid this, but Tesla hasn’t made any comment about making this a reality.
They’ve probably got a long list of problems to fix.
I’m just saying.