That's how easy a hacker can steal your car, and without disheveling!!

Tesla

Researchers from the Norwegian security firm Promon have figured out how to steal cars from Tesla without using physical media. A seemingly simple attack of phishing to hack the official application of the American manufacturer, which can then be used to access the vehicle in question as easily as its rightful owner would..

Promon clearly points out that the problem does not properly lie in the car, but in the limited level of security provided by the official application for Android.

The application of Tesla gives its user almost complete control of vehicle functions. With this in mind, researchers have created a possible scenario in which the owners of Tesla who park their car near a fast food restaurant find an open Wi-Fi network created by hackers. It is just one of the many possibilities open to thieves. When connecting, the victim receives a message to download an application from Google Play thanks to which you can enjoy a free burger just for having a Tesla and visit the establishment. The hook is already drawn.

Once installed, the malicious application launches a privilege escalation attack to modify the official application of Tesla and the authentication token, forcing the user to re-enter their access data, which are then sent to a server controlled by hackers. With this data in your possession, the vehicle is completely defenseless. Thieves can now approach him, open the doors, activate the driving mode without a keychain and leave with the car launching several HTTP requests.

Promon, that not in vain specializes in the protection of mobile applications for third party companies, has several recommendations to prevent this situation from being recreated by hackers and real thieves. Among the improvements it is suggested that the application can detect if it has been modified, the use of some mechanism that prevents the storage of the token in simple text, two-step authentication deployment, the integration of an own keyboard in the application to avoid the use of keyloggers and the shielding of the software to avoid the use of reverse engineering techniques.

Here we leave you a video to see how easy it is to steal a car for a hacker:

Fountain: Promon,The Other Side

Leave a Reply

Your email address will not be published. Required fields are marked *

Intec Cybersecurity
Intec Cybersecurity
intec cybersecurity