Steal a Tesla Using an Android App

Monday, November 28, 2016 @ 07:11 PM gHale

It is possible to locate, unlock, and steal a Tesla using just an Android app.

Every Tesla model comes with a companion smartphone application for Android and iOS that allows owners to do basic things such as checking the battery level and the charging status, locating the vehicle, and flashing the lights to find it in the parking lot.

And while these features certainly come in handy, hackers who compromise the Android application can also use them to drive the car away, said researchers at security company Promon.

“Our experts have been able to take full control of a Tesla vehicle, including locating and tracking the car, opening the doors and enabling its keyless driving functionality,” said Promon’s Lars Lunde Birkeland in a blog post. “Crucially, this is all done by attacking and taking control over the Tesla app, and underlines the vital importance of watertight app security, and the wider implications this could have for IoT-connected devices in general.”

No hack can occur unless Tesla car owners download and install a malicious application on their Android phones.

In order to trick Tesla owners into downloading the app, hackers used a simple incentive such as a free burger. They created a free and open Wi-Fi hotspot in the proximity of a Tesla charging station and advertised the app on connected phones, claiming owners can receive a free burger if they install it.

Once the Tesla owner installs this malicious app, hackers can then connect to the phone and prepare the hijack. Promon said the Tesla companion app obtains an OAuth token when connecting to the Tesla server with a username and password.

“The first time the user logs into the Tesla app, the token is obtained and then stored in cleartext in a file in the app’s sandbox folder. When the app is restarted, the token is read and used for subsequent requests,” Lunde Birkeland said.

The next step is to reset this token, which in turn prompts users to enter the username and password for the app once again. To do this, attackers only have to remove the token completely. When Tesla owners then provide the username and password, hackers can intercept the data and use it to authenticate in the app.

What comes next is not hard to imagine. With hackers getting full access to the Tesla companion app, they can locate the car and even enable the keyless driving functionality that makes it possible to drive it without a key.

This isn’t a vulnerability in Tesla cars themselves, but a glitch in the mobile app that attackers could use to steal the vehicles.

Researchers said this only shows the risks of having objects controlled by smartphone apps, and recommend that users update their systems and apps and always avoid downloading apps from untrusted sources.
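For app developers, the cleartext token storage described above can be checked in a copy of their own app's data directory pulled from a test device. The following is an added example, not code from Promon or Tesla; the key names, file names and the 4.0 bits-per-character threshold are assumptions, and all sample values are constructed.

```python
import json, math, re, tempfile
from pathlib import Path

# Assumed key names for stored OAuth credentials; the article does not name the file or its fields.
TOKEN_KEYS = {"access_token", "refresh_token", "id_token", "token"}
CANDIDATE = re.compile(r"[A-Za-z0-9_.\-]{32,}")  # long unbroken runs that could be a raw token

def entropy(s):  # Shannon entropy in bits per character
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def token_keys(obj, path=""):
    """Yield JSON paths whose key looks like a token and holds a non-empty string."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            p = f"{path}.{k}" if path else k
            if k.lower() in TOKEN_KEYS and isinstance(v, str) and v:
                yield p
            else:
                yield from token_keys(v, p)
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from token_keys(v, f"{path}[{i}]")

def audit_sandbox(root):
    """Return (file, rule, detail) for each readable credential found under root."""
    findings = []
    for f in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        rel, text = f.relative_to(root).as_posix(), f.read_text(errors="ignore")
        try:
            hits = list(token_keys(json.loads(text)))
        except ValueError:  # not JSON: fall back to the raw-string heuristic
            hits = []
        findings += [(rel, "json-token-key", h) for h in hits]
        if not hits:
            raw = [m.group() for m in CANDIDATE.finditer(text)]
            findings += [(rel, "high-entropy-string", s[:4] + "...") for s in raw if entropy(s) >= 4.0]
    return findings

def build_sample(root):
    """Write a constructed sandbox copy; every value here is made up for the demo."""
    fake = "q7Zp2LkV9xTn4BdR8mWc3HsY6gJf1NaU5eXo0CiP"
    (Path(root) / "session.json").write_text(json.dumps({"auth": {"access_token": fake}}))
    (Path(root) / "cache.txt").write_text("bearer=" + fake)
    (Path(root) / "prefs.xml").write_text('<map><string name="theme">dark</string></map>')

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        print(*audit_sandbox(d), sep="\n")
```

Any finding means the credential is readable as plain text by whatever can read the app's files, which is the condition Promon described.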
