Tesla EVs vulnerable to theft via Wi-Fi hijacking, say researchers
What's the story
Security researchers at Mysk Inc. have discovered a significant cybersecurity flaw in Tesla's charging stations, which could potentially allow hackers to steal vehicles.
The vulnerability can be exploited using an inexpensive hacking tool, such as Flipper Zero or a Raspberry Pi.
With just a leaked email and password, a Tesla vehicle could be at risk of theft.
This discovery underscores the increasing threat of phishing and social engineering attacks in today's tech-driven world.
Process involved
The mechanics of Tesla Wi-Fi hijacking
The hacking process involves creating a counterfeit Wi-Fi network, named "Tesla Guest," which mimics the authentic one.
Unsuspecting users attempting to connect to this network could be tricked into entering their login details on a fake site.
These stolen credentials can then bypass Tesla's two-factor authentication, granting access to the victim's Tesla smartphone app.
This allows hackers to unlock and potentially steal the vehicle without needing a physical key card.
Scenario
Company's response to the security vulnerability
Upon discovering this security loophole, researchers tested it on a Tesla vehicle and were able to create new phone keys without the original physical key card.
Despite Tesla's owner manual stating otherwise, the company responded by downplaying the vulnerability as "intended behavior."
Researchers have suggested that a simple solution would be for Tesla to notify users when a new phone key is created. At the moment, Tesla doesn't actually do that.
It remains unclear whether this recommendation will be implemented.
Insights
Broader implications for the auto industry
The vulnerability discovered in Tesla's charging stations isn't an isolated issue.
Cybersecurity experts have been voicing concerns about use of keyless entry across auto industry, which exposes modern vehicles to theft risks.
The rise of AI technologies has led to an increase in phishing and social engineering attacks, making it crucial for companies to consider these risks in their threat models.
This incident serves as a stark reminder of the importance of robust cybersecurity measures in our increasingly digital world.
Recent event
How a Tesla led to tragic demise of a CEO
Angela Chao, the CEO of Foremost Group and sister-in-law of Sen. Mitch McConnell, passed away in February when her Tesla Model X accidentally backed into a pond on her Texas property during a Lunar New Year gathering.
According to The Wall Street Journal, Chao's friends witnessed the horrifying event as the vehicle slowly sank into the pond.
Chao was driving from her guest house to her main residence when she accidentally put the car in reverse.
Obstacles
Difficulty escaping sinking Tesla
Experts say that people have about 30-60 seconds to safely exit a sinking car.
With automatic windows like those in Tesla vehicles, there are only a few seconds to roll down the windows before water levels become too high.
After that, breaking the glass is the only escape option.
However, Tesla uses laminated glass, which is extremely durable and nearly impossible to break under water pressure.
Case
Investigation and conspiracy theories
Per WSJ, Chao was pronounced dead upon arrival, and no autopsy was conducted.
However, Blanco County law enforcement is still investigating her death as a criminal matter, leading to conspiracy theories suggesting foul play due to her position as CEO of a shipping conglomerate.
Texas hedge fund manager Kyle Bass tweeted on March 1, "Does the Blanco County Sheriff have the technical capacity to investigate the Tesla Logs to determine if the car was tampered with or even hacked?"