Researchers Show How to Steal Tesla Car by Hacking into Owner’s Smartphone

It’s not new for security researchers to hack connected cars. Previously they had demonstrated how to hijack a car remotely, and how to disable car’s crucial functions like airbags by exploiting security bugs affecting significant automobiles.

Now this time, researchers at Norway-based security firm Promon have demonstrated how easy it is for hackers to steal Tesla cars through the company’s official Android application that many car owners use to interact with their vehicle. …

The researchers infected a Tesla owner’s phone with Android malware by compromising the Tesla’s smartphone app, allowing them to locate, unlock and drive away with a Tesla Model S. …

In a blog post, Promon researchers explained that Tesla app generates an OAuth token when a Tesla owner log in to the Android app for the first time. The app then uses this token, without requiring the username and password every time the owner re-opens the app.

This OAuth token is then stored in plain text into the device’s system folder which can be accessed by privileged root user only. …

Source: Researchers Show How to Steal Tesla Car by Hacking into Owner’s Smartphone

Share

Leave a Reply