Researchers have discovered that hackers can use a special tool to take control of the WiFi at places where Tesla cars get charged. This means they could steal the cars without anyone knowing. It’s a big problem because the tool they need is not very expensive and anyone can buy it.
Two security researchers named Tommy Mysk and Talal Haj Bakry showed in a YouTube video that hackers can use a tool called Flipper Zero, which costs $169, or a Raspberry Pi or a laptop to hack into things.
Even other car companies besides Tesla are facing problems with their cars being stolen because of keyless entry systems. Cybersecurity experts have been warning about this issue for a while now.
Hackers trick people by creating a fake WiFi network that looks like the real one from Tesla. If someone tries to use the free network provided by the electric car company, they might accidentally give their login information to a fake website that looks like the real one.
This stolen login info could then be used to skirt around Tesla’s two-factor authentication and log in to the victim’s Tesla smartphone app, unlocking the vehicle without ever needing a physical card.
After getting into the system, the hackers could even create a new “phone key,” allowing them to come back to the vehicle later and drive off with it without raising suspicion. That’s because Tesla doesn’t actually notify the user if a new key is created.
Once he told Tesla about his findings, the EV maker underplayed the vulnerability, telling him it was all by design and “intended behavior,” an assertion that Mysk called “preposterous.” Mysk argues it would be easy for the automaker to plug the vulnerability by simply notifying users if a new phone key is created.
Reference- YouTube, Gizmodo, Futurism, Inside EVs, The Drive