The IT security researchers from Norway-based firm Promon have discovered a critical issue in the Tesla smartphone app on Android and iOS that allow an attacker to locate Tesla Model S, unlock, enable keyless driving functionality and steal the vehicle without any restrictions.
In a video demonstration, researchers can be seen with a Macbook exploiting official Tesla apps by setting up a fake Wi-Fi spot to trick users into connecting and download a malicious app on their smartphones.
For this, researchers try to convince Tesla owners by offering them a free and delicious meal of burger if and only if they download a malicious app. Once the owner installs that app, researchers will be able to gain root permissions and replace the original app by conducting a privilege escalation attack similar to rooting apps like Towelroot and Kingroot or even malware like Godless and HummingBad.
Upon opening the app next time, it will ask the victim to sign in with their login credentials which then will be sent to the command and control center set up by the researchers allowing them to have full access to Tesla Model S and steal it by making HTTP requests.
“At this point, the target knows nothing about the free burger app’s true intentions, but now the hackers have access to the Tesla app, they can track the car. Once parked up for the night, they can track down the car, instruct it to unlock (a feature of the app), then enable ‘keyless driving’ mode.”
According to the official description on iTunes, the Tesla Motors app puts Tesla owners in direct communication with their cars anytime, anywhere. With this app, owners can:
– Check charging progress in real time and start or stop charge
– Heat or cool your car before driving — even if it’s in a garage
– Locate your car with directions or track its movement across a map
– Flashlights or honk the horn to find your car when parked
– Vent or close the panoramic roof
– Lock or unlock from afar
Imagine the damage that can be done if hackers get their hand on this exploit. Tesla Model S owners can do themselves a favor by not falling for free burger meals since “There ain’t no such thing as a free lunch.”
Remember, the problem is not with the Tesla security, this whole demonstration and hacking feat depends on the owners being informed about ongoing security threats and scams.
In a response to IBTimes UK, Telsa spokesperson said that “The report does not demonstrate any Tesla-specific vulnerabilities. This demonstration shows what most people intuitively know – if a phone is hacked, the applications on that phone may no longer be secure.”
At the same time, researchers have criticized the poor security implemented by Telsa, such as the app not offering any kind of resistance, OAuth token is stored in plain text, no attempts have been done to encrypt it and getting the car stolen with simply replacing the original app with a malicious one. Click here to go through update post published by Promon researchers.
Remember, this is not the first time when researchers have found a flaw that allows them to remotely take over a Tesla Model S. In September 2016, Chinese hackers from Keen Security Labs demonstrated how attackers can take over Tesla’s brakes from 12 miles away.