Poor Tesla Security Proves Us Wrong, The Flipper Zero And Other Devices Can Steal A Modern Car

Source: Bleeping Computer Poor Tesla Security Proves Us Wrong, The Flipper Zero And Other Devices Can Steal A Modern Car

I’m Driving With A Man In The Middle

The Flipper Zero has been in the news lately, thanks to the Canadian government deciding it is a hacking tool capable of helping people steal cars instead of a handy tool to learn about how the networks all around you work.  Sadly, Tesla has decided to prove them right by having an incredibly insecure WiFi network configuration.  There is apparently a network familiar to Tesla users called Tesla Guest, which is easily spoofed using a Raspberry Pi, Flipper Zero or other devices capable of broadcasting a SSID.

Since it is familiar to Tesla owners, they would have no compunction against logging into their Tesla account while connected to that network.  Unfortunately that would mean that the person broadcasting the hotspot would now have your login info, can then feed it to the actual Tesla Guest network to generate and capture a one time key to get around the MFA protection on the Tesla account.  That would give them everything they need to generate a new Phone Key.  There is no notification sent to the owner of this new key being generated, so they would have no idea a total stranger can now unlock their Tesla, start it up and drive away.

Bleeping Computer suggests that some very simple security requirements, such as the phone needing to be physically inside the Tesla to be able to generate a new Phone Key and requiring a physical Tesla Card Key be present would mitigate the issue. 

Researchers demonstrated how they could conduct a Man-in-the-Middle (MiTM) phishing attack to compromise Tesla accounts, unlocking cars, and starting them. The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7.

Video News

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.


  1. psuedonymous

    This hack had nothing whatsoever to do with the Flipper, any device able to generate a WiFi hotspot would work, as the attack is a basic MITM attack.

    The ‘hack’ was to create a fake charger station, and along with it create a fake WiFi hotspot with the expected Tesla hotspot name. Then, create a captive portal page that visually resembled the real Tesla one, and use that to snarf username, password, and 2FA token. Then use those details within the 2FA-valid window to register another phone with the Tesla app.

    Mitigations have nothing to do with the car itself, but instead in user education (not to ignore the security warnings on the spoofed captive portal page), add notifications of another phone app being registered, and ideally change the captive portal authentication method to use an app-generated key rather than regular login credentials – however this last one again is vulnerable to users ignoring security warnings and entering valid credentials anyway.

    • topher

      ^^ all that

      • Jeremy Hellstrom

        It was tongue in cheek! I thought I’d made it pretty clear it was because users are idiots?


Leave a reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Podcasts

Archive & Timeline

Previous 12 months
Explore: All The Years!