[HN Gopher] Want to Steal a Tesla? Try Using a Flipper Zero
___________________________________________________________________
Want to Steal a Tesla? Try Using a Flipper Zero
Author : rntn
Score : 18 points
Date : 2024-03-07 17:35 UTC (5 hours ago)
(HTM) web link (gizmodo.com)
(TXT) w3m dump (gizmodo.com)
| hyperific wrote:
| Misconstruing/misrepresenting what the Flipper Zero can do is
| very in vogue right now.
| ThrowawayTestr wrote:
| The article doesn't misconstrue, but it also fails to mention
| that the attack can be done with any computer with a wifi chip.
| Not that surprising for a rag like Gizmodo.
|
| Edit: they do mention that at the very end of the article
| bdavbdav wrote:
| It kind of does in my view. The flipper has no WiFi. It's
| just a dumb controller of some esp device. You could have the
| esp do it alone.
| datameta wrote:
| >The issue isn't "hacking" in the sense of breaking into
| software, it's a social engineering attack that fools a user
| into handing over their information.
|
| Very much so.
| ImpostorKeanu wrote:
| Agreed. Just clickbait garbage.
| Havoc wrote:
| That seems to have very little to do with the flipper
|
| It's just a malicious hotspot
| cheesemayo wrote:
| Accurate headline: "The credentials on a Tesla account are used
| to operate one's car. You can steal a car by tricking someone
| into giving you their credentials."
| Spivak wrote:
| The only part the Flipper contributed to this was _setting up a
| fake Wi-Fi network_?! The thing you can do on every laptop in the
| world?
|
| Worse the Flipper Wi-Fi module isn't even standard.
| tamimio wrote:
| > Worse the Flipper Wi-Fi module isn't even standard
|
| The range is poor too, for that attack to work, the flipper
| wifi should be stronger than the tesla so the client can
| connect to it instead, as it will prefer the stronger signal,
| so you will probably need to be standing next to tesla for it
| to work.
| gorjusborg wrote:
| "bro, why you holding that Tamagotchi next to my car?"
| interestica wrote:
| This is just a fake wifi hotspot + legit looking landing page to
| get someone to enter their credentials. One could do this
| anywhere -- Starbucks, library, transit.
| tamimio wrote:
| Why include the Flipper Zero in the 'hacking' equation when the
| same task can be accomplished with an Alfa Wi-Fi adapter and a
| laptop, from a distance far from the Tesla (say inside your car
| in the parking lot near the charging station), unlike the
| Flipper? It seems to me that these researchers are merely seeking
| cheap publicity by riding on the coattails of the Flipper Zero
| controversy. A clueless government official -looking at you ISED-
| will see the title and will rush to ban the flipper when the real
| issue never been dealt with..
| jesseendahl wrote:
| Tesla should just implement support for passkeys. Since WebAuthn
| credentials are bound to the domain they are created for, they
| are strongly phishing resistant.
|
| If you could login to the Tesla app with a passkey instead of
| password + TOTP, then a fake phishing site (on a different
| domain) would be unable able to steal people's Tesla account
| credentials.
___________________________________________________________________
(page generated 2024-03-07 23:02 UTC)