Security researchers have found numerous vulnerabilities in some of today’s most popular vehicles, including finding ways to access owner data, take control of vehicle systems, and more. Tesla’s vehicles aren’t immune, and a team of researchers recently showed how easy accessing one of the advanced EVs with a simple electronic device can be.
The crew at Mysk has found a way to clone Tesla owners’ keys by hacking into the wireless internet networks at the automaker’s Supercharger stations. They use a device called Flipper Zero, which can broadcast a fake Wi-Fi network with a name similar to the ones used at Superchargers.
Once the user is connected and has entered their Tesla account information, their data is captured by the Flipper Zero. Hackers then prompt the user for a multi-factor authentication code, which allows them to access a Tesla account using an app on their smartphones. The hackers can then gain access to the car, clone a key using the Flipper Zero, and other malicious actions.
Some companies pay bounties to hackers who come forward with information about a vulnerability or security issue, but Tesla’s response to Mysk was surprising. The automaker responded, “Thanks for the report. We have investigated and determined that this is the intended behavior. The ‘Phone Key’ section of the owner’s manual makes no mention of a key card being required to add a phone key.”
While there are a few steps involved in this hack, and the bad actors have to be somewhat nearby to commit the crime, it’s worth noting that this is one of the simpler vulnerabilities we’ve seen so far. Some hackers have outlined having to access deeply protected vendor accounts and other complicated pathways to gain user info, while this one appears to be pretty straightforward by comparison.
[Image: Shutterstock]
Become a TTAC insider. Get the latest news, features, TTAC takes, and everything else that gets to the truth about cars first by subscribing to our newsletter.
