demonstrating how to unlock and start a Tesla by setting up an official-looking Wi-Fi network at charging stations.
However, the task proved far too easy as it lacked proper authentication, the duo, who call their company Mysk Inc., reported. Tesla dismissed the issue, saying it was out of the scope of their Bug Bounty Program when reported by the researchers.The attack involved a captive Wi-Fi network deployed at a Tesla charging station, which imitated “Tesla Guest”, an SSID typically found at a Tesla Supercharger.
Once the victim had connected to the captive network, a fake login screen asked for their Tesla login credentials.