Be careful with the networks you are connecting to, as researchers unveiled a new Tesla hack that uses the Flipper Zero to steal a user's credentials that could grant them access to a car and drive away. Through the Flipper Zero device, users may fool Tesla EV owners by giving them access to the app and creating a phone key from their smartphones, and from there, anything could be possible.
The discovery gives Tesla owners an alert to be more vigilant in the networks they connect to and what website they give their credentials to regarding their accounts.
Tesla Flipper Zero Hack: New Tactic Revealed by Researchers
(Photo : Spencer Platt/Getty Images)
Mysk, a renowned security research company, shared a new video that details their latest discovery of a new Tesla vulnerability using a Flipper Zero device. While not exactly a hack, this new tactic targets unknowing Tesla EV owners to share their credentials with the bad actors, calling this a social engineering attack.
The first step said Mysk was for threat actors to set up fake networks in charging stations or other places where a Tesla owner would connect to a duplicate Tesla website. Bad actors may name the network "Tesla Guest" and it is the same name the company uses for guest networks.
After connecting to the fake WiFi, users would then be asked to enter their credentials to the website, followed by asking for a two-factor authentication code, which would then give the bad actors everything they need to their hacking device, which in Mysk's case, the Flipper Zero.
After obtaining the information for the specific EV, hackers may then use it to register their device as a Phone Key for the victim's Tesla, granting them access to the car once it is left unattended.
By adding it to their smartphone, they may gain access to many of the EV's functions like locking and unlocking doors which thieves may take items from, or go as far as driving away with the Tesla car.
Flipper Zero Phone Keys and Tesla EVs
Flipper Zero is best known as a pen-testing device, but several bad actors have exploited the cheap and tiny device for various crimes that target unknowing users. From spoofing the iPhones and other smartphone devices' Bluetooth vulnerability that sends them multiple notifications to replicating the car's key fobs that help unlock them, it already gained a notoriety in the tech industry.
It is known that Tesla was among the many car companies who are already supporting "Phone Keys" with the many uses for their EVs, including that of unlocking and locking the vehicle, down to starting them. Before, it used Bluetooth connections to make this possible, but the company recently upgraded to ultrawideband (UWB) to make the wireless signals better with longer range.
The hack recently revealed by Mysk is more of a new victimizing tactic that would target unaware Tesla owners in sharing their credentials, enough to create a phone key for the threat actors. There are ways to protect against this and one would be to avoid connecting to unknown networks, with the other opting out of providing authentication codes to a website.
