There technologycross and delight of latest generation cars. We are talking about adouble edged weaponsometimes a real advantage, other times, a dangerous risk For car thefts. The two researchers who have demonstrated how easy and fast it can be to achieve this are well aware of this steal a Tesla by recreating a copy of the Phone Key. The system is based on “man in the middle” methodalso known by the acronym “MiTM”, and is seriously in danger of becoming a nightmare for motorists; although Elon Musk he doesn't seem to be worried about it, and preaches calm.
How to Steal a Tesla with the Phone Key App
A pair of researchers revealed this flaw in Tesla's system specialized in computer security systems formed by Talal Haj Bakry and Tommy Mysk. The two scholars clearly demonstrated how to steal a Tesla through a so-called attack phishing MiTM using a WiFi network to then recreate a copy of the digital key on the smartphone, the Tesla Phone Key. With the new Phone Key you have free access to the cockpit of the car, with the also possible to start the engine. And all of that without the Card Key associated with the vehicle; that is, the “key” to Tesla cars.
Tesla all models vulnerable to phishing attacks
Haj Bakry and Mysk, therefore, simulated a cyber attack with the MiTM method on a Tesla equipped with on-board software 11.1 2024.2.7using the updated version ofapplication Tesla 4.30.6. The two researchers thus demonstrated how easy it is to create a new one Phone Key associated with the vehicle in question without creating any suspicion either on the owner or on the car's system. A process that thus leverages a sort of breach in the protection system of the electric car, and which, in theory, would allow anyone to take possession of it and, as if that wasn't enough, also of start the engine without requiring the necessary tools for such operations.
Beware of “Tesla guest” WiFi
So, just create one new WiFi networkto be named “Tesla guests“, and that's practically it. The name of the network is crucial; in fact this will not catch the eye, and probably will not be understood as an alarm, as it is a very common name among SSID used by Tesla service centers. So, once the victim has been found and the network has been created, all you have to do is wait for the unfortunate driver to connect to the new WiFi.
Afterwards the victim will be redirected to a new login pagefalse obviously, where you will be asked to re-enter yours access codes Tesla, including the fundamental code for two-factor authentication. Finally, the Tesla owner codes come stolen and used to access your profile in the official application of the US car company, through which you can control some functions of the vehicle.
Phone Key App Tesla
Tesla's “Phone Key” is a feature that allows owners of Tesla vehicles to use their smartphone as a key to unlock and start the vehicle. This eliminates the need to use a traditional physical key. Simply recreate a new Phone Key to open and take away the car. The thief is now able to add to the same profile another device in his control, and above all in his possession, and thus create a new Phone Key connected to the Tesla in question, taking command.
In short, there are no provisions for creating a new Phone Key security checks or authentications of any kind. And furthermore, this one doesn't produce no notification to be sent to the original device through the Tesla app, nor on the car's dashboard screen.
How to protect yourself?
How to protect yourself and avoid having your Tesla stolen? Simply, just be careful not to enter access data to unknown or “guest” WiFi networks.
Tesla problem (serious), but Elon Musk doesn't want to listen…
Woe betide you if you take this problem lightly, and not so much because i car thefts through technological methods are increasing (see the use of so-called code grabbers which are “popular” in Italy). But more than anything because the two researchers Talal Haj Bakry and Tommy Mysk have found a real one flaw in the system Tesla. Finally, Haj Bakry and Mysk showed the parent company their experiment with the so-called MiTM method, highlighting the serious problems of the system. But according to Tesla, what was ascertained by the study carried out by the pair of researchers it is not considered a real weaknessbut rather a expected behavior.
#Tesla #risk #theft #Phone #Key #App #protect
