Tesla has long boasted that its cars are designed to be theft-resistant. If someone breaks into it, its rightful owners can lock it remotely; If someone scratches or hits it, the Sentinel function will record the scene and send it to the owner's smartphone. However, a group of hackers claims to have found a way to achieve the impossible: steal a Tesla.
According to what was reported by AutoBlogSecurity researchers Tommy Miske and Talal Haj Bakri added fuel to the fire of the Canadian government's attack on the Flipper Zero multi-tool with a video showing that it could indeed be used to steal a Tesla Model 3, although in an attack that also works using any other network-enabled device. Wi-Fi and capable of hosting a web page and acting as a wireless access point.
“Phishing and social engineering attacks are not common. However, an attacker who manages to obtain leaked or stolen credentials should not have everything,” Miske and Bakri wrote. “[Nuestra investigación] It shows that Tesla does not protect its users or vehicles from stolen credentials. “Unfortunately, an attacker who somehow obtains a vehicle’s Tesla account credentials could take control of the vehicle and drive it away.”
Like many modern cars, Tesla cars are designed around a keyless entry and start system: although every vehicle is equipped with card-like keys, once purchased the owner is encouraged to register their phone instead, allowing you to unlock and start the car without The need for that. Carry nothing else. The problem comes, as Misk and Bakri explain, when your credentials for the Tesla app are leaked.
“The main issue with the design is that Tesla only requires an account email and password, as well as being physically present near a Tesla vehicle to activate the phone key,” the pair wrote. “With the phone key activated, the user or attacker has full control of the vehicle. The flow does not require the user to be inside the vehicle or use another physical factor for authentication, such as a Tesla card key or scanning a QR code that displays a Tesla's touchscreen.”
However, it requires the attacker to know the username and password for the Tesla app, and that's where Flipper Zero comes into play. Flipper Zero is a multi-functional portable Tamagotchi-like device developed to interface with access control systems. The device is capable of reading, copying and emulating NFC chips such as those found in smartphones, radio remote controls, iButtons and digital access keys.
Using an optional Wi-Fi card, researchers demonstrate how Flipper Zero can be used to deploy a malicious wireless hotspot and send users to a fake Tesla login page. When credentials are entered, they are displayed on the Flipper Zero's screen and used to request a one-time code, after which the attacker can configure their own phone as a Tesla key without further interaction from the victim.
The attack demonstration, which Misk and Bakri say was dismissed as “intentional behaviour” by Tesla, comes after the Canadian government announced plans to ban the Flipper Zero and similar devices in order to stem the tide of phone theft. The state, which Flipper Devices noted at the time, said none were known to have been involved in Flipper Zero. Although this attack does that, it doesn't use anything special about Flipper Zero's capabilities: any device that can broadcast a Wi-Fi hotspot and host a web page will be able to perform the same attack.
The full attack is shown in the video embedded above and on Misk's YouTube channel; Tesla has not commented publicly on the apparent vulnerability of its vehicles.
More news that may interest you:
Video | Musk said that the value of Tesla cars will increase, but this is not the case
“Social media evangelist. Student. Reader. Troublemaker. Typical introvert.”
More Stories
Fahad Ghaffar's lawyers present evidence proving investor participation in John Paulson companies
1 cent coins can be worth up to $7,000
This is an American bill that could be worth a fortune to a collector