Hacking a Tesla is a thing we’ve seen before, but this time a team of security researchers at a company called Promon managed to locate, unlock, and steal a car using just an Android app.
Every Tesla model comes with a companion smartphone application for Android and iOS that allows owners to do basic things such as checking the battery level and the charging status, locating the vehicle, and flashing the lights to find it in the parking lot.
And while these certainly come in handy, they can also be used by hackers to drive away with the car simply by compromising the Android application.
First and foremost, it’s essential to note that no hack can occur unless Tesla car owners download and install a malicious application on their Android phones. This is absolutely mandatory and it’s a confirmation that if you care about your security and don’t download suspicious files, it’s pretty hard to get hacked.
In order to trick Tesla owners into downloading the app, hackers used a simple incentive such as a free burger. They created a free and open Wi-Fi hotspot in the proximity of a Tesla charging station and advertised the app on connected phones, claiming that owners can receive a free burger if they install it.
Supposing the Tesla owner installs this malicious app, hackers can then connect to the phone and prepare the hijack. Promon says that the Tesla companion app is granted an OAuth token when connecting to the Tesla server with a username and password.
“The first time the user logs into the Tesla app, the token is obtained and then stored in cleartext in a file in the app’s sandbox folder. When the app is restarted, the token is read and used for subsequent requests,” the security researchers explain.
The next step is to reset this token, which in turn would prompt users to input the username and password for the app once again. To do this, attackers only have to remove the token completely, so when Tesla owners provide the username and password, hackers can intercept the data and use it to authenticate in the app.
What comes next is not hard to imagine. With hackers getting full access to the Tesla companion app, they can locate the car and even enable the keyless driving functionality that makes it possible to drive it without a key.
What’s also important to note is that this isn’t a vulnerability in Tesla cars themselves, but a glitch in mobile apps that could be used by attackers to steal the vehicles. Researchers explain that this only shows the risks of having objects controlled by smartphone apps, and recommend that users update their systems and apps and always, but always, avoid downloading apps coming from untrusted sources.
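The researchers' point that the token sits in cleartext in the app's sandbox folder is something an app team can test for in its own builds. The script below is an added example, not code from Promon or Tesla: it scans a local copy of an app data directory for OAuth tokens stored in readable form. The key names, file names and sample values are assumptions constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

# Key names that commonly hold OAuth material (assumed list; extend per app).
TOKEN_KEYS = re.compile(r"access_token|refresh_token|id_token|bearer", re.I)
# JWT shape: three base64url segments, the first two beginning "eyJ".
JWT = re.compile(r"\beyJ[\w-]{8,}\.eyJ[\w-]{8,}\.[\w-]{8,}\b")
# Key/value pair as written in JSON, properties files or shared_prefs XML.
PAIR = re.compile(r"""["']?([\w.-]+)["']?\s*(?:[:=]|">)\s*["']?([\w.~+/=-]{16,})""")

def scan_text(text):
    """Return sorted (kind, detail) findings for one file's decoded content."""
    findings = set()
    for m in JWT.finditer(text):
        findings.add(("jwt", m.group(0)[:12] + "..."))  # truncated: never log a full token
    for m in PAIR.finditer(text):
        if TOKEN_KEYS.search(m.group(1)):
            findings.add(("named-token", m.group(1)))
    return sorted(findings)

def scan_sandbox(root):
    """Walk a local copy of an app data directory; map relative path -> findings."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            text = path.read_bytes().decode("utf-8", errors="ignore")
            hits = scan_text(text)
            if hits:
                report[path.relative_to(root).as_posix()] = hits
    return report

def build_sample(root):
    """Constructed sample tree; file names and values are made up for this demo."""
    root = Path(root)
    (root / "files").mkdir(parents=True)
    (root / "shared_prefs").mkdir()
    (root / "files" / "session.json").write_text(
        '{"access_token": "c0nstructedSampleTokenValue1234", "expires_in": 7776000}')
    (root / "shared_prefs" / "ui.xml").write_text(
        '<map><string name="theme">dark</string></map>')
    (root / "files" / "blob.bin").write_bytes(bytes(range(256)))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, hits in scan_sandbox(build_sample(Path(tmp) / "app")).items():
            print(name, hits)
```

A hit means the token is readable by anything that can read the file; an empty report only means none of these patterns matched.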