- Hackers have a potential new way to steal your Tesla.
- Researchers created a fake Tesla WiFi network to steal the owner’s login info and set up a new phone key.
- Teams have previously found other hacking vulnerabilities in the high-tech Teslas.
If you own a Tesla, you might want to be extra careful logging into the WiFi networks at Tesla charging stations.
Security researchers Tommy Mysk and Talal Haj Bakry of Mysk Inc. published a YouTube video explaining how easy it can be for hackers to run off with your car using a clever social engineering trick.
Here’s how it works.
Many Tesla charging stations — of which there are over 50,000 in the world — offer a WiFi network typically called “Tesla Guest” that Tesla owners can log into and use while they wait for their car to charge, according to Mysk’s video.
Using a device called a Flipper Zero — a simple $169 hacking tool — the researchers created their own “Tesla Guest” WiFi network. When a victim tries to access the network, they are taken to a fake Tesla login page created by the hackers, who then steal their username, password, and two-factor authentication code directly from the duplicate site.
Although Mysk used a Flipper Zero to set up their own WiFi network, this step of the process can also be done with nearly any wireless device, like a Raspberry Pi, a laptop, or a cell phone, Mysk said in the video.
Once the hackers have stolen the credentials to the owner’s Tesla account, they can use them to log in to the real Tesla app, but they have to do it quickly, before the 2FA code expires, Mysk explains in the video.