A small group of hackers from a Norwegian cyber security firm has shown just how easily cyber criminals can exploit the security of a Tesla car through the Tesla mobile application.
The researchers from Promon used a laptop to remotely unlock a Tesla Model S. Not only was the team able to unlock the car using a laptop, they were also able to start the electric car and drive off without any key. The whole operation was done by hacking into the owner’s cell phone.
Promon went on to publish a video that clearly exposes the extreme vulnerabilities hidden within the Tesla mobile application. It’s a rather big deal, as owners can use the mobile application to check their battery life and charging status, locate their car, regulate the temperature before entering the car, flash their lights to help find their car in a crowded parking lot, and much, much more. And yes, the app is available on both iOS and Android.
The exploit could be carried out because some social engineering also took place. The hackers convinced the owner that they needed to download a special malicious app on their device. Once it was downloaded and installed, they then proceeded to create a free open Wi-Fi hotspot close to the Tesla charging station.
Founder and CTO of Promon, Tom Lysemose Hansen, stated, “Keen Security Labs’ recent research exploits flaws in the CAN bus systems of Tesla vehicles, enabling them to take control of a limited number of functions of the car. Our test is the first one to use the Tesla app as an entry point, and goes a step further by showing that a compromised app can lead directly to the theft of a car.”
The innovating company released a software patch to fix this flaw just a few days after the demonstration was released publicly.
“Our test is the first one to use the Tesla app as an entry point.”
Sorry, but this was not hacking into the Tesla app. What this company did was forcibly convince an owner to download a special app in order to hijack the phone. From there, they were able to compromise the application.
From one perspective, this is stealing the car using the mobile application. However, from another perspective, this is nothing more than hijacking a phone in order to operate the application remotely and render the car vulnerable.
“By moving away from having a physical car key to unlock the door, Tesla is basically taking the same step as banks and the payment industry. Physical tokens are replaced by ‘mobile tokens,’” said Hansen. He continues, “we strongly believe that Tesla and the car industry need to provide a comparable level of security, which is certainly not the case today.”
This article (Hackers Stole Tesla Car from Tesla Mobile App) is free and open source. You have permission to republish this article under a Creative Commons license with attribution to the author and AnonHQ.com.