Date: 2024-01-15

Tesla has always claimed that its cars are designed to be theft-resistant. If someone breaks into them, the original owner can turn them off remotely; if someone scratches or hits them, Sentry Mode will record the scene and send it to the owner’s smartphone. However, a group of hackers claims to have found a way to achieve the impossible: stealing a Tesla.

As reported by Autoblog, security researchers Tommy Mysk and Talal Haj Bakry have added fuel to the fire of the Canadian government’s attack on the Flipper Zero multi-tool gadget with a video showing that it can actually be used to steal a Tesla Model 3, although in an attack that would also work using any other Wi-Fi-enabled device capable of hosting the web page and acting as a wireless access point.

“Phishing and social engineering attacks are not uncommon. However, an attacker who manages to obtain leaked or stolen credentials doesn’t have to have it all,” Mysk and Bakry write. “(Our investigation) shows that Tesla does not protect its users, or vehicles, from stolen credentials. Unfortunately, an attacker who somehow obtains the vehicle’s Tesla account credentials could take control of the car and run away with it.”

Like many modern vehicles, Teslas are designed around a keyless entry and starting system: although each vehicle is supplied with card-like keys, once it is purchased the owner is encouraged to register their phone instead, which lets them unlock and start the vehicle without carrying anything else. Mysk and Bakry explain that the problem occurs when your credentials for the Tesla application are leaked.

“The main problem with the design is that Tesla only requires an account email and password, as well as being physically near the Tesla vehicle to activate the phone key,” the pair write. “With the phone key activated, the user or attacker has complete control of the vehicle. The flow does not require the user to be inside the vehicle or use any other physical factor for authentication, such as a Tesla card key or scanning the QR code that the Tesla’s touch screen displays.”

However, this requires the attacker to know the Tesla app username and password, which is where the Flipper Zero comes in handy. The Flipper Zero is a multifunctional handheld device, similar to a Tamagotchi, that has been developed to interface with access control systems. The device is able to read, copy and emulate NFC chips such as smartphones, radio remote controls, iButtons and digital access keys.

Using an alternative Wi-Fi card, the researchers show how the Flipper Zero can be used to broadcast a malicious wireless hotspot and send users to a fake Tesla login page. When the credentials are entered, they are displayed on the Flipper Zero screen and used to request a one-time code, after which the attacker can configure their phone as a Tesla key without further interaction from the victim.

The attack, which Mysk and Bakry say has been dismissed as “deliberate behavior” by Tesla, comes after the Canadian government announced plans to ban the Flipper Zero and similar devices to stem a wave of phone thefts in the country, none of which, Flipper Devices noted at the time, are known to have involved the Flipper Zero. However, although the Flipper Zero performs the attack, it does not use anything specific to the Flipper Zero’s capabilities: any device that can broadcast a Wi-Fi hotspot and host a web page would be capable of carrying out the same attack.

The entire attack is shown in the video embedded above and on Mysk’s YouTube channel; Tesla has not commented publicly on the apparent vulnerability of its vehicles.

