Technology
'White hat hackers' carjacked a Tesla using cheap, legal hardware — exposing major security flaws in the vehicle
Digital keys have become a common and convenient way of unlocking electric vehicles (EVs) — but security researchers have demonstrated how criminals can take advantage of this.
Cybersecurity researchers Tommy Mysk and Talal Haj Bakry, who work for tech firm Mysk, have discovered an exploit that lets cybercriminals access Tesla accounts to generate a "digital key" before unlocking a victim's car and driving away. They detailed their findings in a YouTube presentation on March 7.
They achieved the hack — unlocking the door of a Tesla Model 3 — despite the account being protected by two-factor authentication (2FA). This is an extra layer of protection that asks for a code before logging in — which they bypassed.
They simply needed a small Flipper Zero device and a Wi-Fi development board — both of which can be bought online.
The Flipper Zero device, which costs just $169, is akin to a "Swiss army knife" for security researchers. It lets them read, copy and emulate radio-frequency and near-field communication (NFC) tags, radio remotes, digital access keys and other signals. It's legal in the U.S. although Canada has just brought forward measures to ban it.
The researchers used a Flipper Zero alongside the Wi-Fi development board to generate and broadcast a fake Tesla login page, before duping a victim into sharing their login credentials.
How does the hack work?
The researchers conducted this exploitation through a public Wi-Fi network named “Tesla Guest," just like the ones used at Tesla servicing centers.
-
Technology1h ago
How To Use The Meta AI Chatbot In Instagram, WhatsApp Along With Its Hidden Features
-
Technology13h ago
Chipmaker Intel falls as AI competition hurts forecast
-
Technology17h ago
Eric Schmidt and Yoshua Bengio Debate How Much A.I. Should Scare Us
-
Technology20h ago
Alphabet, Microsoft earnings show hefty AI bets are driving growth
-
Technology20h ago
Argentine scientists find speedy 90-million-year-old herbivore dinosaur
-
Technology1d ago
Under the influence and under arrest − what happens if you’re drunk in the interrogation room?
-
Technology1d ago
Cybersecurity researchers spotlight a new ransomware threat – be careful where you upload files
-
Technology1d ago
What a TikTok Ban in the U.S. Could Mean for You