Researchers Find Super Simple Way to Hack Tesla Keys

by Chris Teague

Security researchers have found numerous vulnerabilities in some of today’s most popular vehicles, including ways to access owner data, take control of vehicle systems, and more. Tesla’s vehicles aren’t immune, and a team of researchers recently showed how easy it can be to access one of the advanced EVs with a simple electronic device.


The crew at Mysk has found a way to clone Tesla owners’ keys by hacking into the wireless internet networks at the automaker’s Supercharger stations. They use a device called Flipper Zero, which can broadcast a fake Wi-Fi network with a name similar to the ones used at Superchargers.


Once the user is connected and has entered their Tesla account information, their data is captured by the Flipper Zero. Hackers then prompt the user for a multi-factor authentication code, which allows the hackers to access the Tesla account using an app on their own smartphones. The hackers can then gain access to the car, clone a key using the Flipper Zero, and carry out other malicious actions.


Some companies pay bounties to hackers who come forward with information about a vulnerability or security issue, but Tesla’s response to Mysk was surprising. The automaker responded, “Thanks for the report. We have investigated and determined that this is the intended behavior. The ‘Phone Key’ section of the owner’s manual makes no mention of a key card being required to add a phone key.”


While there are a few steps involved in this hack, and the bad actors have to be somewhat nearby to commit the crime, it’s worth noting that this is one of the simpler vulnerabilities we’ve seen so far. Some hackers have outlined having to access deeply protected vendor accounts and other complicated pathways to gain user info, while this one appears to be pretty straightforward by comparison.



Comments

  • Joe Joe on Mar 19, 2024

    This is called a man in the middle attack and has been around for years. You can fall for this in a Starbucks as easily as when you’re charging your car. Nothing new here…
