Poor Tesla Security Proves Us Wrong, The Flipper Zero And Other Devices Can Steal A Modern Car

I’m Driving With A Man In The Middle

The Flipper Zero has been in the news lately, thanks to the Canadian government deciding it is a hacking tool capable of helping people steal cars instead of a handy tool to learn about how the networks all around you work.  Sadly, Tesla has decided to prove them right by having an incredibly insecure WiFi network configuration.  There is apparently a network familiar to Tesla users called Tesla Guest, which is easily spoofed using a Raspberry Pi, Flipper Zero or other devices capable of broadcasting a SSID.

Since it is familiar to Tesla owners, they would have no compunction against logging into their Tesla account while connected to that network.  Unfortunately that would mean that the person broadcasting the hotspot would now have your login info, can then feed it to the actual Tesla Guest network to generate and capture a one time key to get around the MFA protection on the Tesla account.  That would give them everything they need to generate a new Phone Key.  There is no notification sent to the owner of this new key being generated, so they would have no idea a total stranger can now unlock their Tesla, start it up and drive away.

Bleeping Computer suggests that some very simple security requirements, such as the phone needing to be physically inside the Tesla to be able to generate a new Phone Key and requiring a physical Tesla Card Key be present would mitigate the issue.