It is worth noting that each Tesla model has a companion app for Android and iOS smartphones, which allows the driver to check the battery level, find the location of the car, turn on the headlights to spot the car in a parking lot, and so on. However, the app that makes life easier for supercar owners turned out to be easy to hack. Using social engineering methods, attackers can induce a Tesla owner to install malware on their smartphone. For example, if you set up a Wi-Fi hotspot near a charging station and offer anyone who connects some kind of bonus for installing supposedly useful software, the goal will be achieved.
The malicious application is needed to intercept the OAuth token. This token is issued to the user after authentication with a login and password. After the first successful login to the Tesla application, the token is stored in clear text in a file. When the application is restarted, the token is read from that file and used to send new requests. According to tests by Promon specialists, this token is valid for 90 days.
With the token and the credentials of the official Tesla app, an attacker can send well-formed HTTP requests to Tesla servers using the token and, if necessary, the victim's login and password. As a result, the attacker would be able to start the engine without a key, open the doors, track the car, and so on. In theory, there are many more possibilities, but the researchers have not tested the entire range in practice.
Promon experts advise Tesla to follow some rules that would minimize the security risks. For example, the application should be able to detect modification attempts on its own. The token should not be stored in the clear. Security can be increased by using two-factor authentication. The application can also include its own keyboard, which would protect users from keylogger malware. It would also be a good idea to protect the application against reverse engineering.