Yes. There are at least two potential problems with
any type of public WiFi:
- Compromised WiFi system -- If somebody breaks into Tesla's (or whoever's) WiFi equipment, they could insert data sniffers to steal your data. This could include both data to and from the car itself and data you transmit via the Tesla's browser. How important such data theft is depends on the nature of the data, of course. In a worst-case scenario, they might get enough data to drain a bank account, steal your identity, steal your car (see below), etc.
- WiFi spoofing -- An attacker might set up a fake WiFi access point that looks like Tesla's (or whoever's) public WiFi. This might be done at a Supercharger (overpowering the legitimate signal or replacing it -- say by unplugging Tesla's legitimate WiFi antenna) or at some other random site. Your phone or car might then automatically connect to said fake access point, and whoever controls it can steal your data much as in the previous scenario.
I don't know how serious such problems are, even in theory, for Tesla vehicles themselves; they might or might not include protections. The cars
do, of course, send and receive highly sensitive data -- namely, the software at the heart of every Tesla. If that's not adequately protected, an attacker could theoretically deliver a hacked software update that could do some very nasty things. (Imagine a "bricked" Tesla -- or worse, one with brakes that stop working once the car's speed exceeds 60 mph.) I sincerely hope that Tesla uses cryptographic signatures on its software images to prevent such fakery, but I honestly haven't looked into it in detail; I guess I just assumed Tesla was competent about this when I bought my car. Assuming the best on this score, WiFi spoofing or compromised networks could still lead to problems if you use the car's browser to access public Web sites with poor security practices, so caution is advised when doing so.
These types of problems are outlined in general terms in many articles; see
here, for example. Such articles generally focus on WiFi as used by laptops, tablets, and cell phones, but Teslas are basically tablet computers on wheels, so exactly the same issues apply to them.
One dramatic Tesla-specific demonstration is in this video:
To the best of my knowledge, nobody has
actually stolen a Tesla in the way demonstrated in the video, so that could qualify as alarmist; but the generic security issues of public WiFi are very real, and it's only a matter of time before somebody targets Teslas in some way. (I gather that some car thieves in Europe have started spoofing signals sent by wireless keyfobs and are stealing Teslas in that way, though.) As a general rule, it's best to not use public WiFi at all; and if you do use it, tell your device (car, laptop, tablet, or cell phone) to forget the network as soon as you're done using it. That will minimize the risk of the device auto-connecting to a spoofed connection in the future. When you are connected to public WiFi, be alert to security warnings. Encrypted connections, like HTTPS, provide some protection against man-in-the-middle attacks, so you may see warnings if something fishy is happening. Don't ignore those warnings; drop the connection immediately. (Unencrypted links, like HTTP, are easier to attack without provoking a warning.) If you must connect to the Internet but the WiFi is suspicious, use your cell phone to set up a WiFi hot spot instead.
