While unlocking vehicles using smartphone apps rather than physical keys offers significant convenience benefits, it also significantly expands the attack surface.
Security researchers have just discovered a method that uses a Flipper Zero connected device to trick Tesla owners into handing over control of their car to a malicious third party. This allows you to unlock the vehicle and even make it leave.
Researchers at Mysk Inc have developed a method to trick a Tesla owner into giving up their vehicle’s login credentials. A hacker would use the Flipper Zero and a Wi-Fi development board to broadcast a fake Tesla Wi-Fi network login page – “Tesla Guest” is the name given to Wi-Fi networks in service centers – and then use these credentials to log into the owner’s account and create new virtual “keys” to the car.
This attack bypasses two-factor authentication
Everything the owner enters on the fake login page – username, password and two-factor authentication code – is then captured and displayed on the Flipper Zero.
Here’s an overview of the process.
This attack also bypasses two-factor authentication because the fake Tesla guest Wi-Fi login page asks for the two-factor authentication code which the hacker then uses to access the account. This means that the hacker must work quickly and be able to request and then use this code quickly to gain access to the account.
There are many other tools that could be used to carry out this attack
Will the physical key card Tesla provided protect you against this attack? According to the user manual, yes, because this “key card is used to ‘authenticate’ smartphone keys that work with Model 3 and to add or remove other keys.” But, according to Mysk, that’s not the case.
Mysk says he contacted Tesla for comment on this vulnerability and was told that the company had “investigated and determined that this was the intended behavior,” which is concerning. Mysk recommends that Tesla make it mandatory to use the key card to create new keys in the app, and that owners be notified when new keys are created.
Mysk and Bakry use a Flipper Zero here, but there are many other tools that could be used to carry out this attack, such as a Wi-Fi Pineapple or a Wi-Fi Nugget.
How to protect yourself against this type of attack?
ZDNET has reached out to Tesla for comment and we will update this article with their response.
How to protect yourself against this type of attack? First of all, don’t panic. This attack is unlikely to be widespread: The attacker should be near your vehicle and log into your Tesla account in real time.
Second, note that you don’t need to enter your two-factor authentication code to be able to log in to Tesla’s guest Wi-Fi account. When in doubt, avoid free Wi-Fi.
To go further on the Flipper Zero
Source: “ZDNet.com”