e-FTW
New electron smell
Did anyone report this to Tesla? This is a big deal, and easy to deploy.
Someone will get their car stolen/messed with.
Someone will get their car stolen/messed with.
You can install our site as a web app on your iOS device by utilizing the Add to Home Screen feature in Safari. Please see this thread for more details on this.
Note: This feature may not be available in some browsers.
this is the correct answer, beware of using public hot spots that you may stumble uponThis is a new instance of old news, and is not Tesla specific problem.
My money is on the Petsmart, as little else is within regular WiFi range. Some employee could have hidden a rogue wireless access point there to try and capture Tesla credentials.Was thinking Tesla should be made aware just so they get more pressure on them to enforce two-factor authentication.
And anyone with a wireless device can check signal strength, locate the source of the malicious network, and you know... ummm... report it.
My money is on the Petsmart, as little else is within regular WiFi range. Some employee could have hidden a rogue wireless access point there to try and capture Tesla credentials.
Again, Tesla does NOT provide WiFi from Supercharger stalls. They do at Service Centers.
I don't trust any password managers.
What about Google Chrome? Do you enter your passwords manually every time? If not, it remembers them all and I often go into Password Manager in Chrome to find my passwords when I forget them.
I didn't even log into Visible Tesla because I was concerned that some private individual having a ton of login credentials and even though I am certain he is a fine and upstanding person, what if he gets hacked? But I now use VT and it's a great program.
Are you sure you're talking about Visible Tesla? It's an open-source application that runs on your hardware, not a service that needs to store your credentials.
Yes, I heard about Visible Tesla, Tesla FI and some other tools.
All these tools need a Login with User and Password and this is for me not secure because only Tesla have my User and Password an nobody else.
What about Google Chrome? Do you enter your passwords manually every time? If not, it remembers them all and I often go into Password Manager in Chrome to find my passwords when I forget them.
No, I'm not sure I even know what I'm talking about. I only know that when I have to enter my credentials on a site other than Tesla's it seems to me they have them. Whether they store it or not, I have no idea. Plus, I've read posts like this here:
Simple Log environment
But I will defer to others when it comes to this kind of stuff since it's beyond my knowledge.
Even 2fa auth that depends on an SMS message is incredibly easy to crack. They can easily spoof your phone and hijack your messages. You need 2fa auth with the google authenticator app, or something similar.
...he saw an SSID "Tesla Guest"
...
He thinks this is a possible phishing scam and wants to know if its possible to enable 2 factor authentication for MyTesla?
SMS 2FA is mediocre at best. If someone was targeting you specifically (to, say, steal your $100K car) they wouldn't have to work hard to figure out your cell number and likely answers to your most common security questions. Then they just call your cel provider (not hard to figure out either) and pretend they are you and that you just got a new phone. By the time you realize your phone doesn't work anymore, they are in your Gmail, Tesla, PayPal, Bank, retirement, etc accounts.Please explain exactly how a cracker/hacker would be able to spoof my phone without knowing the number. Besides, spoofing only works for outbound calling from the "spoofed" number. Calls to the "spoofed" number go to the rightful owner's phone.
SMS 2FA is mediocre at best. If someone was targeting you specifically (to, say, steal your $100K car) they wouldn't have to work hard to figure out your cell number and likely answers to your most common security questions.
Sorry to spread a bunch of FUD, but as a web security professional, I know you have to be on your toes.
Your mother's maiden name can be found with a free account on any number of people search sites once someone knows your name and any city you've ever lived in. Birthdays, spouse info, degrees, anniversaries, your school history, and any number of related facts can be deduced by social media and public records searches. You don't even have to have much public info out there. If you have a Twitter account with three followers, there's a good chance one of those three is a close friend or relative and you can work backwards through their online presence.I'm thinking that's more FUD than fact. Again, explain how the hacker/cracker will have the "likely answers to my security questions."
Could probably do "what is my ip" on google. It would be equally likely to be someone's hotspot.My money is on the Petsmart, as little else is within regular WiFi range. Some employee could have hidden a rogue wireless access point there to try and capture Tesla credentials.
Again, Tesla does NOT provide WiFi from Supercharger stalls. They do at Service Centers.