Warning issued to Tesla owners after researchers use fake charging station Wi-Fi to hack into and steal vehicles
Innocently using the public Wi-Fi network while charging your Tesla could help hackers steal your car.
Tesla owners have been given a stark warning about a new way hackers might be able to steal their cars.
Cybersecurity firm Mysk posted a YouTube video this past week which shows how they were able to dupe drivers into joining an unsecured Wi-Fi network that let them hack info from them - and ultimately nick their vehicles.
Their method is simple - they used a small computer to create a Wi-Fi network that they called 'Tesla Guest', just like the networks that surround many charging points.
Advert
Once you tap to join the network, you'll be taken to a fake login screen to put your details in and log into your Tesla account.
In reality, though, this is just giving your username and password to the hackers, who then show how they could use this information rapidly to steal the car.
They quickly use the user's login credentials in the Tesla app on their own phone, doing so in time to use a two-factor one-time passcode (which wouldn't have been used by the Tesla owner, as they wouldn't have realized what was happening).
This lets them use the Tesla app as if they owned the car themselves. And if they're near the car, they can activate the app's Phone Key feature and get into the vehicle without any issues.
Since you don't need to be inside the Tesla to set the feature up, you can do this without the actual owner ever being told - the video suggests they're not given a push notification or an alert.
They're then able to hop in the car and drive it away if the actual owner is somewhere else, getting coffee or refreshing themselves.
One bit of good news is that the video shows that removing a phone key from the car does send a push notification to the owner, and it also requires a key card to validate the change, which is something that could save you a lot of strife.
Interestingly, the video ends by saying that all this information was sent to Tesla's Product Security team, who reportedly replied to say that it was all "intended behaviour" and nothing faulty - so really, the onus is on you to make sure you're not duped by bad actors masquerading as public Wi-Fi networks.
But the video does argue that "Tesla should make key card authentication mandatory", and that it should also "notify owners when new keys are added".
This is just the latest scary example of how important it is to double-check any public Wi-Fi network before you join it - networks can easily be disguised to look familiar, so you'll want to be as vigilant as possible.