Hackers Are Allegedly Using Flipper Devices To Steal Teslas And Break Into Hotel Rooms!

Apex’s Word - See the Video and come back and Read our perspective below…

Security researchers Tommy Mysk and Talal Haj Bakry have demonstrated a method by which attackers can exploit Tesla's digital key system to gain unauthorized access to vehicles using a device like the Flipper Zero.

🚨 How the Attack Works

1. Spoofing Wi-Fi Networks: Attackers set up a counterfeit Wi-Fi network named "Tesla Guest," mimicking the legitimate networks found at Tesla service centers and charging stations

2. Phishing for Credentials: When a Tesla owner connects to this fake network, they are directed to a fraudulent login page resembling Tesla's official portal. Unsuspecting users may enter their Tesla account credentials, including their email, password, and two-factor authentication (2FA) code.

3. Gaining Account Access: With these credentials, attackers can swiftly log into the victim's Tesla account via the official app, before the 2FA code expires

4. Adding a New Phone Key: Once inside the account, the attacker can add a new phone key, enabling them to unlock and operate the vehicle via Bluetooth. Notably, this process does not require the physical key card, and Tesla does not notify the owner when a new phone key is added

5. Vehicle Theft: Armed with the new phone key, the attacker can locate the vehicle using the app and access it at their convenience

🔐 Tesla's Response

Upon being informed of this vulnerability, Tesla acknowledged the report but deemed it "intended behavior," indicating no immediate plans to alter the current system

🛡️ Recommendations for Tesla Owners

• *Avoid Public Wi-Fi: Refrain from connecting to unfamiliar or unsecured Wi-Fi networks, especially those named "Tesla Guest."

• *Use Physical Key Cards: Whenever possible, use the physical key card for vehicle access and operations.

• *Monitor Account Activity: Regularly check your Tesla account for any unauthorized devices or changes.

• *Enable Notifications: f available, set up alerts for account logins and changes to enhance security awareness.

·         Security researchers have demonstrated a method by which Tesla vehicles can be compromised using a Flipper Zero device in conjunction with a Wi-Fi development board. This technique involves creating a rogue Wi-Fi network, often named "Tesla Guest," to mimic legitimate Tesla service center networks. When a Tesla owner connects to this network, they are presented with a counterfeit Tesla login page. Upon entering their credentials, including two-factor authentication codes, the information is captured in real-time by the attacker. With these credentials, the attacker can register their own device as a key, allowing them to unlock and operate the vehicle without the owner's knowledge.

·         Tesla has acknowledged this vulnerability but has categorized it as "out of scope," indicating no immediate plans to address the issue. Experts suggest that implementing measures such as requiring physical key card authentication for new device pairings and notifying owners of new key registrations could mitigate this risk.