Android Malware Used To Hack and Steal Tesla Car

An anonymous reader writes: By leveraging security flaws in the Tesla Android app, an attacker can steal Tesla cars. The only hard part is tricking Tesla owners into installing an Android app on their phones, which isn't that difficult according to a demo video from Norwegian firm Promon. This malicious app can use many of the freely available Android rooting exploits to take over the user's phone, steal the OAuth token from the Tesla app and the user's login credentials. This is possible because the Tesla Android app stores the OAuth token in cleartext, and contains no reverse-engineering protection, allowing attackers to alter the app's source code and log user credentials. The OAuth token and Tesla owner's password allow an attacker to perform a variety of actions, such as opening the car's doors and starting the motor.

I can do you one better

[houghi]

I can steal one by hitting people with a Nokia phone and it isn't limited to one brand of cars.
You can also use a toaster if it runs Linux.

Seriously, this is just another "via the Internet" thing that is used with almost anything to pretend it is something new. The article is "You can steal a car if you steal the keys".

Re: Tesla Android

actually,...

Do expect Android to be hacked and all your info leaked to cave monkeys handling Google's development in some smelly jungle.

Google getting all your data via Android is neither a hack nor a leak.

It's a feature.