Short Bytes: How easily one can steal a Tesla Model S? Just offer a free burger to the owner. A team of researchers demonstrated how easy it is to hack and drive away a Tesla car using the keyless driving mode after installing a malware on the owner’s Android device.Tesla Motors proudly flaunts how its electric cars can be controlled using the Tesla app. It’s good to have a car which can be loaded with features by just pushing a software update. The company has also started making its cars fully automatic by adding extra self-driving hardware.
Tesla app enables an owner to unlock the car, check battery status, GPS location, turn on climate control, etc. The app uses the internet connection do all these things and also disables the minimum distance barrier between the user and the car.
All of these modern features make Tesla cars vulnerable to potential attackers. The Tesla app on an Android device can be compromised to gain unauthorized access to the car. This is what a team of researchers from the security firm Promon AS has demonstrated for a Tesla Model S.
In the demo, the researchers take the advantage of Tesla’s Keyless driving functionality. It enables Tesla owners to start the car by typing their password in the smartphone app.
A free burger can cost you your precious Tesla
To steal a Tesla car, the hackers lure the user to download a malicious app offering free burger by providing an open WiFi hotspot near a Tesla charging station. Basically, the task is to get the app installed on the owner’s device using your social engineering skills.
Once the user installs the app on Android, the malware in the app will access the Tesla app credentials and send it to the hacker over the internet. Then, using a laptop, the hacker can unlock the Tesla, enable keyless driving, and take it away.
The hack is not specific to Tesla app, according to the researchers, it can be used for other Android apps too. The unavailability of latest Android version to most of the device owners also acts as a major contribution in making their device vulnerable to such attacks.
Read Promon’s blog post to read about how the hackers actually do it.
If you have something to add, tell us in the comments below.