Security News > 2024 > March > Flipper Zero WiFi phishing attack can unlock and steal Tesla cars
An easy phishing attack using a Flipper Zero device can lead to compromising Tesla accounts, unlocking cars, and starting them.
The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7.
An attacker at a Tesla supercharger station could deploy a WiFi network called"Tesla Guest," an SSID that is commonly found at Tesla service centers and car owners are familiar with it.
Once the victim connects to the spoofed network, they are served a fake Tesla login page asking to log in using their Tesla account credentials.
After entering the Tesla account credentials, the phishing page requests the one-time password for the account, to help the attacker bypass the two-factor authentication protection.
Tesla cars also use Card Keys, which are slim RFID cards that need to be placed on the center console's RFID reader to start the vehicle.
News URL
Related news
- Flipper Zero WiFi attack can unlock and steal Tesla cars (source)
- MiTM phishing attack can let attackers unlock and steal a Tesla (source)
- Hackers steal Windows NTLM authentication hashes in phishing attacks (source)
- New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT (source)
- Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks (source)
- New StrelaStealer Phishing Attacks Hit Over 100 Organizations in E.U. and U.S. (source)
- Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (source)
- Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice (source)
- TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer (source)
- FBI warns of massive wave of road toll SMS phishing attacks (source)