[ad_1]
While unlocking vehicles with smartphone apps rather than physical keys offers significant convenience benefits, it also significantly expands the attack surface.
Security researchers have discovered a method that uses a $169 Flipper Zero device to deceive Tesla owners into relinquishing control of their cars to a malicious third party, enabling the vehicle to be unlocked and even driven away.
Also: 7 hacking tools that look harmless but can do real damage
Researchers Tommy Mysk and Talal Haj Bakry of Mysk Inc have devised a method for fooling a Tesla owner into handing over their vehicle’s login credentials: An attacker would use the Flipper Zero to broadcast a fake Tesla guest Wi-Fi network login page — “Tesla Guest” is the name given to Wi-Fi networks at service centers — and then use those credentials to log into the owner’s account and create new virtual “keys” to the car.
or Wi-Fi Nugget.
ZDNET has asked Tesla for comment, and we’ll update this article with their response.
Also: Cybersecurity 101: Everything on how to protect your privacy and stay safe online
How do you protect yourself from this type of attack? First, don’t panic. This attack is unlikely to be widespread: The attacker would need to be close to your vehicle and carry out the login to your Tesla account in real-time.
Second, note that you do not need to enter your two-factor authentication code to be able to connect to Tesla’s guest Wi-Fi account. If in doubt, avoid free Wi-Fi.
[ad_2]
——————————————————–