Around two months ago, the “Keen security team” of the Chinese company Tencent exposed security vulnerabilities in the Tesla Model S. The hackers successfully controlled the car from 12 miles away, both while it was in motion and while it was parked.
Tesla was quick to respond and released an update within 10 days. There have been security breaches in the past as well. The further we advance into the connected world, the more exposed technology becomes to hackers.
Promon, a security app tools firm from Norway, hacked into the Android app for Tesla cars and showed how easy it is to take over a Tesla car and steal it.
The Tesla Android application is used to interact with the vehicle. Once a hacker has access to the application, the car’s controls are at the hacker’s disposal.
It all starts with a spoofed WiFi hotspot that tempts the car owner into installing a malicious app. This app is malware that changes the access permissions on the smartphone.
This malicious app contains rooting exploits such as Towelroot and Kingroot. These exploits escalate the app’s privileges and give it root access to the system folder, and with it the ability to alter files.
The Tesla owner, meanwhile, has the official app installed on the smartphone to control the car. When the user enters authentication credentials to access the app’s features, the app stores the result of that login as an OAuth token.
The token lets the user open the app without entering the credentials every time. It is valid for up to 90 days; after that, the user has to authenticate again.
The OAuth token is kept in a plain text file stored in the app’s system folder. A hacker with root access to the smartphone can easily read and alter this file.
How will the hacker gain root access?
When the user installs the malicious app, the hacker gets root access to the smartphone.
With that access, the hacker deletes the OAuth token. This prompts the user to enter the username and password to re-authenticate, which is the perfect opportunity to grab the login credentials.
Once the hacker has the login details, they can send HTTP requests to the Tesla servers using these credentials to control the car’s functions.
This way, a Tesla car can be hacked and its functions taken over: locating the car, opening the doors, starting the engine, and steering the car to the desired location.
However, Tesla claims that there is no loophole in the app and this is a social engineering technique that tricks the user into installing the malicious app.
Further, Promon claimed that this technique can be used against any app, not just the Tesla app.
We can draw two conclusions from this hacking process.
First, the user should keep the smartphone’s operating system up to date. An outdated version is prone to attacks.
Secondly, Tesla should strengthen its security measures. For example, the OAuth token file was unencrypted and therefore readable. According to the security experts, Tesla should consider setting up two-factor authentication and encrypting the OAuth token text file.