I was at DefCon last year, and there were definitely Flipper Zeros in use - but little joy to be found from them. There was a Tesla Y and a Nissan Leaf - both with company reps there (keeping the hackers from cutting wires or metal).

I would be quite surprised if someone were able to hack in via Bluetooth or the public CAN interfaces. Of course, if they could connect to the system critical CAN, then that's a different story. Unless Tesla is using the secured CAN.

Cheers, Peter

On 3/8/24 2:39 PM, Ron via EV wrote:
My Flipper Zero is still en route, so I can't say for sure, but my reading of radio specs and capabilities is that anything subject to "attack" by the FZ is badly designed or incorrectly implemented.

This is not to say that people don't do questionable things with it, but as a long time subscriber to 2600 magazine ("The Hacker Quarterly"), I can tell you the vast majority of those things were happening for at least a decade before the FZ came on the scene.

On March 8, 2024 3:19:26 p.m. CST, "(-Phil-) via EV" <ev@lists.evdl.org> wrote:
This is a very low probability vulnerability.  Obviously always be careful
where you enter credentials.

On Fri, Mar 8, 2024 at 1:14 PM Robert Johnston via EV <ev@lists.evdl.org>
wrote:

It's a common man-in-the-middle attack, and you don't need a Flipper Zero
to do it, any PC, laptop, even a cellphone could do the same. See also:
Phishing attacks at coffee shops and the like.

On Fri, 8 Mar 2024 at 13:57, EV List Lackey via EV <ev@lists.evdl.org>
wrote:

The subject line is a bit frivolous, but actually I guess that this is
potentially serious.

-----

"Security researchers report they uncovered a design flaw that let them
hijack a Tesla using a Flipper Zero, a controversial $169 hacking tool
...
"Using a Flipper, the researchers set up a WiFi network called 'Tesla
Guest,' the name Tesla uses for its guest networks at service centers ...

"[The thief] could broadcast the network near a charging station, where a
bored driver might be looking for entertainment. The victim connects to the
WiFi network and enters their username and password on the fake Tesla
website. The [thief] then uses the credentials to log in to the real Tesla
app, which triggers a two-factor authentication code. The victim enters that
code into the fake website, and the thief gains access to their account.
Once you're logged into the Tesla app, you can set up a "phone key" which
lets you unlock and control the car over Bluetooth with a smartphone. From
there, the car is yours."

Yikes.

Full story:

https://jalopnik.com/want-to-steal-a-tesla-try-using-a-flipper-zero-1851316625

Or https://v.gd/FPzvOL

David Roden, EVDL moderator & general lackey

To reach me, don't reply to this message; I won't get it.  Use my
offlist address here : http://evdl.org/help/index.html#supt

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

      I asked a man in prison once how he happened to be there and
      he said he had stolen a pair of shoes. I told him if he had
      stolen a railroad he would be a United States Senator.

                                             -- Mary Harris Jones
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

_______________________________________________
Address messages to ev@lists.evdl.org
No other addresses in TO and CC fields
HELP: http://www.evdl.org/help/


--
Robert "Anaerin" Johnston