Security researchers report that they have discovered a way to steal a Tesla car using Flipper Zero, a Russian hacking tool that costs $169, Gizmodo writes.

Tommy Mysk and Talal Haj Bakry of Mysk Inc. say that this is not hacking in the sense of software hacking, but rather something closer to so-called social engineering.

Using Flipper, the researchers created a Wi-Fi network called “Tesla Guest,” which is what Tesla calls its guest networks in service centers. Maisk then created a website that looks like a Tesla login page.

The process is simple. In this scenario, hackers can distribute the network near a charging station where a driver is bored while his car is charging. The victim connects to the network and enters their username and password on a fake Tesla website.

The hacker then uses the credentials to log in to the genuine Tesla app, which runs a two-factor authentication code. The victim enters this code on a fake website and the thief gains access to the account.

After logging in to the Tesla app, you can set up a phone key that allows you to unlock and control the car via Bluetooth using your smartphone. From that moment on, the car is yours.

According to Mysk, Tesla does not notify users about the creation of new keys, so the victim does not learn about the activities of the attackers. In addition, fraudsters don’t have to steal the car right away, as the app shows the vehicle’s location.

The Tesla owner can finish charging the car and go shopping or park it near his house. The thief would simply watch the victim through the app and then drive up at the right time and drive away.

“This means with a leaked email and password, an owner could lose their Tesla vehicle. This is insane,” Tommy Mysk said.

Maysk informed that he had contacted Tesla about this issue, but the company replied that it was not a real problem.

We have previously written that Canada is already considering banning the Russian Flipper Zero as part of its fight against car theft.