March 7, 2024 at 02:41PM
Researchers Talal Haj Bakry and Tommy Mysk discovered a vulnerability in Tesla’s security, allowing a phishing attack using a Flipper Zero or similar devices to compromise accounts, unlock and start cars. By deploying a fake Tesla Guest WiFi network, attackers can extract credentials, bypass two-factor authentication, and add a new Phone Key without alerting the owner.
From the meeting notes, the following key takeaways can be gathered:
1. A phishing attack using a Flipper Zero device or similar method poses a threat to Tesla accounts, allowing unauthorized access to vehicles by exploiting vulnerabilities in the Tesla app and software.
2. Security researchers Talal Haj Bakry and Tommy Mysk reported the vulnerability to Tesla, highlighting the lack of proper authentication security when linking a new phone to a car.
3. The phishing process involves creating a spoofed WiFi network, prompting victims to enter their Tesla account credentials, and bypassing two-factor authentication by requesting a one-time password.
4. Once access to the victim’s Tesla account is obtained, the attacker can add a new ‘Phone Key’ without the need for physical authentication, enabling them to unlock, start, and drive away with the vehicle.
5. Adding a new Phone Key does not trigger any notifications to the Tesla owner, allowing the attacker to activate all systems and drive the vehicle without alerting the owner.
6. Tesla’s response to the researchers’ findings indicated that the procedure for adding a new Phone Key was intended behavior and not explicitly stated in the owner’s manual, implying a potential gap in security measures.
7. Further inquiries have been made to Tesla about implementing security measures to prevent such attacks and the possibility of issuing an over-the-air (OTA) update.
These takeaways outline the critical security concerns raised by the researchers and the need for improved authentication and notification protocols to mitigate the risk of unauthorized access to Tesla vehicles.