Researchers Hijack Tesla Using $169 Device by Exploiting Login System
-
Researchers were able to hijack a Tesla using a $169 hacking device called a Flipper Zero by tricking the owner into entering their Tesla login credentials.
-
Once logged into the Tesla app, the researchers set up a "phone key" to unlock and access the Tesla remotely via Bluetooth.
-
The researchers were able to steal the Tesla multiple times without needing the owner's physical key card, which Tesla claims is required to authenticate new phone keys.
-
Tesla responded that not needing the physical key card to add a phone key is the "intended behavior", which the researchers call "preposterous".
-
The researchers recommend Tesla make the key card mandatory for adding new phone keys and notify users when new keys are added to improve security.