GadgetBond

  • Latest
  • How-to
  • Tech
    • AI
    • Amazon
    • Apple
    • CES
    • Computing
    • Creators
    • Google
    • Meta
    • Microsoft
    • Mobile
    • Samsung
    • Security
    • Xbox
  • Transportation
    • Audi
    • BMW
    • Cadillac
    • E-Bike
    • Ferrari
    • Ford
    • Honda Prelude
    • Lamborghini
    • McLaren W1
    • Mercedes
    • Porsche
    • Rivian
    • Tesla
  • Culture
    • Apple TV
    • Disney
    • Gaming
    • Hulu
    • Marvel
    • HBO Max
    • Netflix
    • Paramount
    • SHOWTIME
    • Star Wars
    • Streaming
Add GadgetBond as a preferred source to see more of our stories on Google.
Font ResizerAa
GadgetBondGadgetBond
  • Latest
  • Tech
  • AI
  • Deals
  • How-to
  • Apps
  • Mobile
  • Gaming
  • Streaming
  • Transportation
Search
  • Latest
  • Deals
  • How-to
  • Tech
    • Amazon
    • Apple
    • CES
    • Computing
    • Creators
    • Google
    • Meta
    • Microsoft
    • Mobile
    • Samsung
    • Security
    • Xbox
  • AI
    • Anthropic
    • ChatGPT
    • ChatGPT Atlas
    • Gemini AI (formerly Bard)
    • Google DeepMind
    • Grok AI
    • Meta AI
    • Microsoft Copilot
    • OpenAI
    • Perplexity
    • xAI
  • Transportation
    • Audi
    • BMW
    • Cadillac
    • E-Bike
    • Ferrari
    • Ford
    • Honda Prelude
    • Lamborghini
    • McLaren W1
    • Mercedes
    • Porsche
    • Rivian
    • Tesla
  • Culture
    • Apple TV
    • Disney
    • Gaming
    • Hulu
    • Marvel
    • HBO Max
    • Netflix
    • Paramount
    • SHOWTIME
    • Star Wars
    • Streaming
Follow US
TechTeslaTransportation

Tesla’s two-factor authentication easily bypassed by Wi-Fi hijacking hack

$169 device allows hackers to steal Teslas by hijacking charging station Wi-Fi

By
Shubham Sawarkar
Shubham Sawarkar's avatar
ByShubham Sawarkar
Editor-in-Chief
I’m a tech enthusiast who loves exploring gadgets, trends, and innovations. With certifications in CISCO Routing & Switching and Windows Server Administration, I bring a sharp...
Follow:
- Editor-in-Chief
Mar 12, 2024, 1:39 AM EDT
Share
We may get a commission from retail offers. Learn more
Tesla's two-factor authentication easily bypassed by Wi-Fi hijacking hack
Photo by PATRICK T. FALLON/AFP via Getty Images
SHARE

Security researchers have uncovered a critical vulnerability that could allow hackers to steal Tesla vehicles by hijacking Wi-Fi networks at the company’s charging stations. This glaring cybersecurity flaw, which requires only an inexpensive, off-the-shelf tool, exposes a significant risk for Tesla owners and raises concerns about the automaker’s security measures.

The vulnerability was discovered by Tommy Mysk and Talal Haj Bakry, security researchers at Mysk Inc., who demonstrated their findings in a recent YouTube video. According to Gizmodo, which first reported on the video, the researchers showed how hackers could use a simple $169 hacking tool called Flipper Zero, a Raspberry Pi, or even a laptop to exploit this vulnerability.

“This means with a leaked email and password, an owner could lose their Tesla vehicle,” Mysk told Gizmodo, highlighting the severity of the issue. “Phishing and social engineering attacks are very common today, especially with the rise of AI technologies, and responsible companies must factor in such risks in their threat models.”

The researchers’ approach is alarmingly straightforward. Using their chosen device, hackers can create a spoofed Wi-Fi network called “Tesla Guest,” mimicking the network that Tesla typically provides free of charge to customers waiting at charging stations.

If an unsuspecting victim attempts to connect to this fake network, they may be tricked into entering their login credentials on a duplicate site, inadvertently handing over their information to the hackers.

Once the hackers have acquired these stolen login details, they can bypass Tesla’s two-factor authentication and gain access to the victim’s Tesla smartphone app, effectively unlocking the vehicle without ever needing a physical key card.

The implications of this vulnerability are far-reaching. Not only can hackers unlock the vehicle, but they can also create a new “phone key,” enabling them to return to the car at a later time and drive away with it without arousing suspicion.

Disturbingly, Tesla does not currently notify users when a new phone key is created, a fact that Mysk and Bakry highlight in their video.

To validate their findings, Mysk tested the vulnerability on his own Tesla and found that he could easily create new phone keys without ever having access to the original physical key card. This directly contradicts Tesla’s claim in its owner’s manual that such an action is impossible.

When Mysk informed Tesla about his findings, the company downplayed the vulnerability, stating that it was an “intended behavior” – a response that Mysk called “preposterous” in his interview with Gizmodo.

“The design to pair a phone key is clearly made super easy at the expense of security,” he said, criticizing Tesla’s approach.

Mysk argues that Tesla could easily address this vulnerability by simply notifying users whenever a new phone key is created, allowing them to take immediate action if they suspect unauthorized access.

However, whether the automaker will heed this call remains to be seen, leaving Tesla owners potentially exposed to a significant security risk until a fix is implemented.


Discover more from GadgetBond

Subscribe to get the latest posts sent to your email.

Most Popular

Google replaces clunky Drive searches with AI Overviews on mobile

You can finally use Ask Gemini in the Google Drive mobile app

Anthropic’s new admin tools bring discipline to AI spending

Gemini Spark for Mac is here to organize your files

Figma officially earns ISO 42001 certification for AI governance

Also Read
Promotional image for Project Hail Mary, featuring Ryan Gosling

Where to stream Project Hail Mary worldwide

Illustration of digital security featuring a yellow password field with hidden characters, a black unlocked padlock, and a yellow key, representing password protection, authentication, encryption, and secure access to online accounts.

WPA3 explained: Protecting your network in a connected world

Illustration of a person sitting on large, three-dimensional Wi-Fi signal bars while using a tablet, symbolizing wireless connectivity and internet access, set against a bright blue background.

What actually is Wi-Fi?

A person carries the LG xboom Stage 501 portable Bluetooth party speaker by its built-in handle at an outdoor backyard gathering. The speaker features illuminated LED lighting and top-mounted controls while friends socialize in the background, highlighting its portable design for outdoor entertainment.

LG’s new xboom Stage 501 turns your living room into a karaoke bar

Screenshot of a Claude Code artifact viewer displaying a product analytics dashboard. The interface includes version comparisons, mobile UI mockups, conversion metrics, performance charts, and a sharing panel that allows users to distribute the latest artifact version through a shareable link.

Claude Code brings artifacts to Pro and Max users

Promotional graphic showcasing example WhatsApp usernames displayed as profile cards. Sample profiles include @AnnaAtWork, @QueenTrinity, @JonnyR, and @Katy_Paints, illustrating how usernames will appear alongside profile photos and display names. The WhatsApp logo appears in the lower-left corner.

The era of the WhatsApp username is finally here

Screenshot of Google Sheets displaying a spreadsheet with regional sales data and a newly imported 3D stacked column chart. The Chart editor panel on the right shows the chart type set to "3D Stacked column chart," with data for laptops, smartphones, and tablets grouped by region (East, North, South, and West).

You can now import 3D bar charts into Google Sheets

Ryan Gosling in Project Hail Mary

Stream Project Hail Mary starting tomorrow

Company Info
  • Homepage
  • Support my work
  • Latest stories
  • Company updates
  • GDB Recommends
  • Daily newsletters
  • About us
  • Contact us
  • Write for us
  • Editorial guidelines
Legal
  • Privacy Policy
  • Cookies Policy
  • Terms & Conditions
  • DMCA
  • Disclaimer
  • Accessibility Policy
  • Security Policy
  • Do Not Sell or Share My Personal Information
Socials
Follow US

Disclosure: We love the products we feature and hope you’ll love them too. If you purchase through a link on our site, we may receive compensation at no additional cost to you. Read our ethics statement. Please note that pricing and availability are subject to change.

Copyright © 2026 GadgetBond. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy | Do Not Sell/Share My Personal Information.