Would You like a feature Interview?
All Interviews are 100% FREE of Charge
This article was first published business insider.
If you own a Tesla, you may want to be extra careful when logging into your Tesla charging station’s WiFi network.
Security researchers Tommy Mysk and Talal Haj Bakry of Mysk Inc. Published a YouTube video on Thursday It explains how hackers can easily make off with your car using clever social engineering tricks.
Here’s how it works:
Many Tesla charging stations – the number is exceeded 50,000 worldwide — According to Mysk’s video, it offers a WiFi network, typically called “Tesla Guest,” that Tesla owners can log in to and use while waiting for their car to charge.
Using a device called Flipper Zero — A simple $169 hacking tool — Researchers have created their own “Tesla Guest” WiFi network. When the victim attempts to access the network, she is directed to a fake Tesla login page for her created by the hacker, who then steals her username, password, and two-factor authentication code directly from the cloned site.
Although Mysk used Flipper Zero to set up his own WiFi network, this step of the process can also be done on almost any wireless device, such as a Raspberry Pi, laptop, or cell phone, Mysk said in the video. Masu.
Once a hacker steals an owner’s Tesla account credentials, they can use them to log into the real Tesla app, but they need to log in quickly before the 2FA code expires, Mysk said. is explained in the video.
One of the unique features of Tesla cars is that owners can use their mobile phone as a digital key to unlock the car without the need for a physical key card.
After logging into the app using the owner’s credentials, the researchers set up a new phone key a few feet away from the parked car.
The hacker doesn’t even have to steal the car on the spot. They can track the Tesla’s location from the app and go steal it later.
Miske said unsuspecting Tesla owners will not be notified when a new phone key is set up. The Tesla Model 3 owner’s manual also states that a physical card is required to set up a new phone key, but according to the video, Mysk found that this was not the case.
“This means owners could lose their Teslas if their emails and passwords are compromised. This is insane,” Tommy Miske said. told Gizmodo. “Phishing and social engineering attacks are so common today, especially with the rise of AI technology, that responsible businesses must factor such risks into their threat models.”
Maisk said in the video that he reported the issue to Tesla, which responded that it investigated and determined it was not an issue.
Tesla did not respond to Business Insider’s request for comment.
Tommy Miske tested this method multiple times on his car, even using a reset iPhone that he had never paired with his car, Gizmodo reported. Mysk claimed it worked every time.
Maisk said (and we agree) that the experiment was for research purposes only and that no one should steal the car.
Maisk said at the end of the video that the problem could be resolved if Tesla required physical key card authentication and notified owners when a new phone key was created.
This isn’t the first time savvy researchers have discovered a relatively easy way to hack into Tesla.
In 2022, 19-year-old claims he hacked 25 Teslas worldwide (although certain vulnerabilities have since been fixed). Later that year, Security companies found another way Hacking a Tesla from hundreds of miles away.