Researchers Hack Tesla Vehicles by Exploiting WiFi and Account Access
• Researchers conducted a MiTM phishing attack to unlock Teslas, start them, and steal them by compromising owner accounts.
• Attack works by deploying a fake "Tesla Guest" WiFi network to steal login credentials entered on a phishing site.
• With stolen Tesla account access, attacker can add a new Phone Key to unlock and drive the car away.
• Adding new Phone Key does not require physical authentication with a key card.
• Tesla said it was intended behavior and did not state a key card is needed to add phone key, so no changes planned.