cybersecurity experts Tommy Mysk and Talal Haj Bakry have shown in a recent YouTube video how to "hack" a Tesla
using Flipper Zero, a Raspberry Pi, or just a laptop to pull the "hack" off.
The problem isn't hacking- like breaking into software, it's a social engineering attack that tricks a car owner into handing over their information. Using a Flipper, the experts create a WiFi network called "Tesla Guest," the same name Tesla uses for its guest networks at service centers. After this, Mysk created a fake website resembling Tesla's login page.
After this, it's a cakewalk. In this case, hackers broadcast networks around a charging station, where a bored driver might be looking to connect over WiFi. The owner (here, the victim) connects to the WiFi and fills in their username and password on the fake Tesla website.
And it's not just Tesla's
When Mysk informed Tesla about his findings, the company said it was all by design and "intended behaviour," underplaying the flaw.
Mysk doesn't agree, stressing the design to pair a phone key is only made super easy at the cost of risking security
https://www.cysecurity.news/2024/03/thinking-of-stealing-tesla-just-use.html