As cars become more technologically advanced, they open new doors for hackers to gain access to your personal information.
Need proof? A recent video shows how hackers can gain access to any Tesla model, and drive away without the owner’s knowledge.
Uploaded by Canadian-German YouTube channel Mysk – not in any way related to Tesla CEO Elon Musk – software developers showed how to gain access to the owner’s information required to steal a Tesla.
First, using a device which can create a Wi-Fi network, the hacker creates what appears to be a public network for Tesla owners – potentially at a Supercharger, for example, where owners may be tempted to log on while they charge.
When owners connect their phone, they’re prompted to provide their email and password details to access their Tesla account – mimicking the sign-in page for many public Wi-Fi networks, such as those at airports.
The device used by the hackers copies this information and the subsequent two-factor authentication passcode, which they then use to login to the owner’s Tesla account to provide, allowing them to access a mobile key.
Once these details are saved in the hackers’ phone application, they now has full access to the Tesla with the ability to start it and drive away.
It’s worth noting the existing owner’s physical phone can’t be removed from their account without being notified, and it’s likely the Tesla’s location tracking software will remain functional when it’s driven away, making it easy to track down.
Mysk maintains they only performed the hack on one of their own cars to showcase the Tesla’s security flaws in a bid to encourage a fix for the problem.
Security concerns in tech-heavy cars are nothing new. Back in 2015, technology publication Wired invited two hackers to take control of a Jeep Cherokee while driving alongside the SUV, ultimately pulling it over to the side of the road and removing control from its driver.
Tesla has also previously held a ‘Hackathon’ event in which it invites cybersecurity experts to break into its vehicles, as it attempts to protect them from future attacks.
The petrol-powered Porsche Macan won’t be sold in Europe from July as it does not meet the continent’s cybersecurity laws, though weaker regulations elsewhere allow it to continue on sale.