'White hat hackers' carjacked a Tesla using cheap, legal hardware — exposing major security flaws in the vehicle

Security researchers used a $169 Flipper Zero device and a Wi-Fi development board to obtain a driver's credentials, break into a Tesla Model 3 and drive away.

A hand holding an unlocked padlock in front of a blurry tesla logo.
Cybersecurity researchers used a FlipperZero device to gain a driver's username, password and two-factor authentication code, then drive off with their vehicle.
(Image credit: Alberto Garcia Guillen via Shutterstock)

Digital keys have become a common and convenient way of unlocking electric vehicles (EVs) — but security researchers have demonstrated how criminals can take advantage of this.

Cybersecurity researchers Tommy Mysk and Talal Haj Bakry, who work for tech firm Mysk, have discovered an exploit that lets cybercriminals access Tesla accounts to generate a "digital key" before unlocking a victim's car and driving away. They detailed their findings in a YouTube presentation on March 7.

Nicholas Fearn is a freelance technology and business journalist from the Welsh Valleys. With a career spanning nearly a decade, he has written for major outlets such as Forbes, Financial Times, The Guardian, The Independent, The Daily Telegraph, Business Insider, and HuffPost, in addition to tech publications like Gizmodo, TechRadar, Computer Weekly, Computing and ITPro.