Android Malware Used To Hack and Steal Tesla Car

An anonymous reader writes: By leveraging security flaws in the Tesla Android app, an attacker can steal Tesla cars. The only hard part is tricking Tesla owners into installing an Android app on their phones, which isn't that difficult according to a demo video from Norwegian firm Promon. This malicious app can use many of the freely available Android rooting exploits to take over the user's phone, steal the OAuth token from the Tesla app and the user's login credentials. This is possible because the Tesla Android app stores the OAuth token in cleartext, and contains no reverse-engineering protection, allowing attackers to alter the app's source code and log user credentials. The OAuth token and Tesla owner's password allow an attacker to perform a variety of actions, such as opening the car's doors and starting the motor.

Android security flaw and not Tesla security flaw?

[DiniZuli]

Here is another take on the same story: https://electrek.co/2016/11/23...

Re: Customer service

[MachineShedFred]

I miss the days when people actually took responsibility for doing stupid things.

Would you blame Ford if someone left the keys in their car when running into a convenience store and came back out to see their car gone? Because that's what you are doing here.

Fuck off, troll.

Re: Tesla Android

[yakumo.unr]

"Since Android was launched over seven years ago, all Android devices have
shared a common security model that provides every application with a secure,
isolated environment known as an application sandbox. Android was one of
the first operating systems to introduce the idea of sandboxing to both protect
applications from attacks and protect the device from applications. Sandboxing
is used for all applications on the device, including system-level applications. "

https://static.googleuserconte...