Stealing A Tesla With A Flipper Zero Is Surprisingly Easy

Researchers have shown that running a man-in-the-middle attack against a Tesla owner can potentially compromise their account, unlock their car, and ultimately allow threat actors to drive away with it. There are, of course, a number of caveats. Much of this hinges on some social engineering, and tricking the Tesla owner into using a spoofed Wi-Fi access point on a device like the Flipper Zero (or similar hardware), but in the end, it is entirely plausible thanks to what Tesla calls intended behavior.

The Tesla theft begins with the attacker spooling up a captive Wi-Fi network named “Tesla Guest,” similar to the networks found at Tesla service centers. In the video showcasing this attack below, the researchers at Mysk used a Flipper Zero, but it would be much easier to use a laptop and Wi-Fi dongle or something like a Wi-Fi Pineapple, which is another Wi-Fi tool. Once the victim’s phone sees this network, it will automatically connect and prompt them with a login page to use the fake Wi-Fi; at this point, the attacker is counting on the victim entering their Tesla credentials and 2FA code. The attacker can then take this information and log into the Tesla app, at which point, so long as they are relatively close to the vehicle, they can add a phone key to their device to control the car.
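The lure in this chain is a rogue access point impersonating a name the phone already trusts. As an added, defender-side illustration (not code from the researchers or from Tesla), the script below scans a constructed list of nearby access points and flags the classic evil-twin signatures: a known SSID broadcast from a hardware prefix the owner has not seen before, or one SSID advertised with mixed security modes. The trusted SSID/OUI table and the scan results are placeholders, not real Tesla infrastructure values.

```python
"""Heuristic evil-twin detection over a Wi-Fi scan (constructed sample data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessPoint:
    ssid: str
    bssid: str        # MAC address of the AP radio
    security: str     # "open", "wpa2" or "wpa3"
    signal_dbm: int


# Assumption: SSIDs the owner expects, mapped to the BSSID prefixes (OUIs)
# the legitimate APs use. "00:11:22" is a placeholder, not a real Tesla OUI.
TRUSTED = {"Tesla Guest": {"00:11:22"}}


def oui(bssid: str) -> str:
    """First three octets of a MAC address, lower-cased."""
    return bssid.lower()[:8]


def evil_twin_candidates(scan, trusted=TRUSTED):
    """Return {bssid: [reasons]} for APs that look like impersonations."""
    by_ssid = {}
    for ap in scan:
        by_ssid.setdefault(ap.ssid, []).append(ap)
    findings = {}
    for ssid, aps in by_ssid.items():
        modes = {ap.security for ap in aps}
        for ap in aps:
            reasons = []
            # Known network name, but the radio is not one the owner has seen.
            if ssid in trusted and oui(ap.bssid) not in trusted[ssid]:
                reasons.append("unexpected BSSID prefix for a known network")
            # Same name offered both secured and open: a captive-portal clone.
            if len(modes) > 1 and ap.security == "open":
                reasons.append("open network sharing an SSID with a secured one")
            if reasons:
                findings[ap.bssid] = reasons
    return findings


# Constructed scan: one legitimate guest AP, one clone, one home-network clone.
SAMPLE_SCAN = [
    AccessPoint("Tesla Guest", "00:11:22:aa:bb:cc", "open", -55),
    AccessPoint("Tesla Guest", "de:ad:be:ef:00:01", "open", -30),
    AccessPoint("HomeNet", "aa:bb:cc:00:00:01", "wpa2", -60),
    AccessPoint("HomeNet", "aa:bb:cc:00:00:02", "open", -40),
    AccessPoint("Cafe", "11:22:33:44:55:66", "wpa2", -70),
]

if __name__ == "__main__":
    for bssid, why in evil_twin_candidates(SAMPLE_SCAN).items():
        print(bssid, "->", "; ".join(why))
```

The check only raises suspicion; the phone will still auto-join the stronger rogue signal, which is why the real mitigation is never typing account credentials or 2FA codes into a captive portal.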

Curiously, Tesla does not reportedly notify users that a new phone key has been added to their account, either in the app or in the vehicle, so it is pretty stealthy so long as all the other pieces fall into place. Moreover, Tesla vehicles ship with a physical key to authenticate certain actions regarding the phone key, but this does not apply to creating a key. The researchers found that it does apply to removing an added key, though, which also notifies the Tesla owner with a push notification. As for authenticating the Tesla phone key, the physical key is seemingly only used as a fallback if you are not close to the vehicle in the first place.

This issue was reported to Tesla Product Security, who explained that they investigated the problem and “determined that this is the intended behavior.” However, as noted by the research team, losing your Tesla credentials should not be in the chain of events leading to losing your car. This seems to be the case as things stand, though, and Tesla has deemed it a non-issue at this point.

Regardless, you should always be acutely aware of where you are putting your credentials and 2FA codes and ensure they are the real deal. It is remarkably easy to spoof a Wi-Fi network with a Flipper Zero or other hardware. Hopefully, this path for stealing a Tesla gets fixed soon, but it seems that convenience has been traded for security, which usually doesn't end well.