Hackers from the Oslo, Norway-based security firm Promon have demonstrated what they claim is a “lack of security” in Tesla Motors’ Android smartphone app. In a video and blog post published on Promon’s website, the hackers showed how this weakness could be exploited to locate, unlock and steal a Tesla Model S.
“As illustrated in the demonstration video, our experts have been able to take full control of a Tesla vehicle, including locating and tracking the car, opening the doors and enabling its keyless driving functionality,” Promon researchers said in the blog post. “Crucially, this is all done by attacking and taking control over the Tesla app, and underlines the vital importance of watertight app security, and the wider implications this could have for IoT-connected devices in general.”
In order to carry out their hack, the researchers first tricked the Tesla owner — in this case, another Promon researcher — by a phishing attack through a free Wi-Fi hotspot near a Tesla charging station. The owner was offered an incentive — a free burger from a nearby burger joint — to install a malicious app.
This malware then allowed the hackers to take control of the Tesla app, which owners use to check charging status, guide the vehicle through crowded parking lots, and open the doors remotely without a key. This, in turn, allowed them to take full control of the car and to enable the keyless driving functionality that makes it possible to drive the car without the key fob present.
“Our test is the first one to use the Tesla app as an entry point, and goes a step further by showing that a compromised app can lead directly to the theft of a car,” Promon founder Tom Lysemose Hansen reportedly said, adding that the demonstration built upon the flaw recently revealed by researchers at Keen Security Lab — a part of the Chinese company Tencent Holdings.
In September, hackers from Keen Security Lab, who shared their research with Tesla, showed that they could remotely hack a Model S car to unlock doors, open the trunk, and even apply the brakes when the car was moving.
A day after the hack was revealed, Tesla announced that it had fixed the security flaw through a new software patch.
However, responding to the Promon hack, a Tesla spokesperson said that it did not reveal any “Tesla-specific vulnerabilities.”
“This demonstration shows what most people intuitively know – if a phone is hacked, the applications on that phone may no longer be secure,” the unnamed spokesperson told Electrek. “The researchers showed that known social engineering techniques could be employed to trick people into installing malware on their Android devices, compromising their entire phone and all apps, which also includes their Tesla app.”