Digital keys have become a common and convenient way of unlocking electric vehicles — but security researchers have demonstrated how criminals can take advantage of this.
They simply needed a small Flipper Zero device and a Wi-Fi development board — both of which can be bought online. How does the hack work?The researchers conducted this exploitation through a public Wi-Fi network named “Tesla Guest," just like the ones used at Tesla servicing centers. If exploited in the real world, a hacker would only need to wait for an unsuspecting Tesla driver to connect to the fake Wi-Fi network and type their login details into the spoofed login portal. The user’s credentials, including their email address, password and 2FA code, would then appear on the Flipper Zero's screen. Then, after obtaining this information, the hacker can launch the Tesla app and access the victim’s account.
The researchers were surprised to learn that you need a physical key card to authenticate the removal of a digital key — and that a push notification is sent to the car's owner after a key is removed. This is despite the fact that no such notification is sent when a new key is added. —MadRadar hack can make self-driving cars 'hallucinate' imaginary vehicles and veer dangerously off course