Researchers have found a new way of hijacking WiFi networks at Tesla charging stations for stealing vehicles- a design flaw that only needs an affordable, off-the-shelf tool.
Experts find an easy way to steal a Tesla
As Mysk Inc. cybersecurity experts Tommy Mysk and Talal Haj Bakry have shown in a recent YouTube video hackers only require a simple $169 hacking tool known as Flipper Zero, a Raspberry Pi, or just a laptop to pull the hack off.
This means that with a leaked email and a password, the owner could lose their Tesla car. The rise of AI technologies has increased phishing and social engineering attacks. As a responsible company, you must factor in such threats in your threat models.
And it's not just Tesla. You'll be surprised to know cybersecurity experts have always cautioned about the use of keyless entry in the car industry, which often leaves modern cars at risk of being hacked.
Hash Tag Foolery
The problem isn't hacking- like breaking into software, it's a social engineering attack that tricks a car owner into handing over their information. Using a Flipper, the experts create a WiFi network called "Tesla Guest," the same name Tesla uses for its guest networks at service centers. After this, Mysk created a fake website resembling Tesla's login page.
After this, it's a cakewalk. In this case, hackers broadcast networks around a charging station, where a bored driver might be looking to connect over WiFi. The owner (here, the victim) connects to the WiFi and fills in their username and password on the fake Tesla website.
The hacker uses the provided login credentials and gains access to the real Tesla app, which prompts a two-factor authentication code. The victim puts the code into the fake site, and hackers get access to their account.
Once you've trespassed into the Tesla app, you can create a "phone key" to unlock and control the car via Bluetooth using a smartphone. Congratulations, the car is yours!
Mysk has demonstrated the attack in a YouTube video.
Tesla can fix the flaw easily but chooses not to
Mysk says that Tesla doesn't alert the owner if a new key is created, so the victim doesn't know they've been breached. And the bad guy doesn't have to steal the car right away, because the app shows the location of the car.
The Tesla owner can charge the car and take it somewhere else, the thief just has to trace the location and steal it, without needing a physical card. Yes, it's that easy.
Mysk tested the design flaw on his own Tesla and discovered he could easily create new phone keys without having access to the original key card. But Tesla has mentioned that's not possible in its owner manual.
Tesla evades allegation
When Mysk informed Tesla about his findings, the company said it was all by design and "intended behaviour," underplaying the flaw.
Mysk doesn't agree, stressing the design to pair a phone key is only made super easy at the cost of risking security. He argues that Tesla can easily fix this vulnerability by alerting users whenever a new phone key is created.
But without any efforts from Tesla, the car owners might as well be sitting ducks.
A sophisticated computer/machine doesn't always mean it's secure, the extra complex layers make us more vulnerable. Two decades back, all you needed to steal a car was getting a driver's key or hot-wiring the vehicle. But if your car key is a bundle of ones and zeroes, you must rethink the car's safety.