Tesla cars can be tracked, located, unlocked and driven away by compromising the company\u2019s smartphone app. Researchers at Norwegian app security firm Promon demonstrated how easy it appears to be to steal a Tesla. Benjamin Adolphi, mobile software developer at Promon, created a fake free Wi-Fi hotspot that featured an ad targeted at Tesla owners, offering them a free burger at a local restaurant. Owners were then prompted to download an application in order to take advantage of the offer; however, the app contained malware that \u201cmanipulated\u201d the Tesla app to grab the owner\u2019s username and password. An OAuth token is used to authenticate the username and password every time the user starts the app. The Tesla app is modified where code was added to steal the username and password and sent to an attacker-controlled server. In order to trigger this code, the user needs to log in again. The Tesla app can be tricked into requiring the user to log in by simply removing the stored token. In the statement to Inforsecurity, Tesla said that the issue uncovered by Promon is to do with underlying mobile application security, rather than their application.<\/p>\n
It is great that I can control my car with my phone, but if it has the risk of someone can easily steal my car. I would rather not use the application. I think Tesla should definitely improve the security of the application instead of blaming all mobile application security problem.<\/p>\n
Link: http:\/\/www.infosecurity-magazine.com\/news\/smartphone-flaw-tesla-vehicles\/<\/p>\n","protected":false},"excerpt":{"rendered":"
Tesla cars can be tracked, located, unlocked and driven away by compromising the company\u2019s smartphone app. Researchers at Norwegian app security firm Promon demonstrated how easy it appears to be to steal a Tesla. Benjamin Adolphi, mobile software developer at Promon, created a fake free Wi-Fi hotspot that featured an ad targeted at Tesla owners, […]<\/p>\n","protected":false},"author":6134,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[717573],"tags":[],"class_list":{"0":"post-4008","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-week-13-disaster-recovery-business-continuity","7":"entry"},"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\/v2\/posts\/4008","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\/v2\/users\/6134"}],"replies":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\/v2\/comments?post=4008"}],"version-history":[{"count":1,"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\/v2\/posts\/4008\/revisions"}],"predecessor-version":[{"id":4009,"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\/v2\/posts\/4008\/revisions\/4009"}],"wp:attachment":[{"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\/v2\/media?parent=4008"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\/v2\/categories?post=4008"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\/v2\/tags?post=4008"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}