More and more modern vehicles use internet-facing and connected features in the name of convenience. The reality is that the convenience of these features can actually present a whole new attack surface for threat actors to exploit—that's exactly what a team of security researchers at Mysk found in a new social engineering attack aimed at exposing a vulnerability in Tesla's fleet of cars.
Security researchers at Mysk have found success in tricking users who utilize the free wireless internet broadcasted at many of Tesla's Supercharging and Service stations. Rather than connect to the internet, the drivers are unknowingly providing the attackers with all of the details they need to create a key for their vehicle. Get Fully Charged Phone as a Key for Tesla Tesla allows owners to use their phones as keys for their vehicles. When moving to a new phone, owners can simply sign into the app on their new phone and, as long as they are near their car, automatically authorize the phone as a new key. Here's how the attack chain works: First, the researchers picked up a Flipper Zer