Teslas Can Be Stolen by Hijacking WiFi at Charging Stations, Researchers Find
Tesla Theft
Researchers have found that hackers could easily hijack WiFi networks at Tesla charging stations to steal vehicles — a glaring cybersecurity vulnerability that only requires an affordable, off-the-shelf tool.
As Mysk Inc. security researchers Tommy Mysk and Talal Haj Bakry demonstrated in a recent YouTube video — as first reported spotted by Gizmodo — hackers only need a simple $169 hacking tool called Flipper Zero, a Raspberry Pi, or a laptop to pull it off.
"This means with a leaked email and password, an owner could lose their Tesla vehicle," Mysk told Gizmodo. "Phishing and social engineering attacks are very common today, especially with the rise of AI technologies, and responsible companies must factor in such risks in their threat models."
And it's not just Tesla. Cybersecurity researchers have long rung alarm bells over the use of keyless entry in the car industry, which leave modern vehicles at risk of being stolen.
Hash Tag Guest
Here's how the ruse works. Using their weapon of choice, hackers create a spoof WiFi network called "Tesla Guest" that masquerades as the real thing.
If a victim were to try to access the network, which the EV maker normally provides free of charge to waiting customers, they could be duped into giving up their login by entering it into a duplicate site.
This stolen login info could then be used to skirt around Tesla's two-factor authentication and log in to the victim's Tesla smartphone app, unlocking the vehicle without ever needing a physical card.
Once logged in, the hackers could even create a new "phone key," allowing them to come back to the vehicle later and drive off with it without raising suspicion.
That's because Tesla doesn't actually notify the user if a new key is created, as Mysk and Bakry point out in their video.
Mysk tested out the vulnerability on his own Tesla and found that he was easily able to create new phone keys without ever having access to the original, physical key card. That's despite Tesla promising that wasn't possible in its owner's manual.
Once he told Tesla about his findings, the EV maker underplayed the vulnerability, telling him it was all by design and "intended behavior," an assertion that Mysk called "preposterous" in his interview with Gizmodo.
"The design to pair a phone key is clearly made super easy at the expense of security," he said.
Mysk argues it would be easy for the automaker to plug the vulnerability by simply notifying users if a new phone key is created.
But whether the company will heed his word remains to be seen.
More on Tesla: Tesla's Official Cybertruck Camping Attachment Looks Absolutely Laughable