Let Me Debunk This Tesla Hack For You

There’s a video that in the last 24 hours or so has gained a lot of attention. Allegedly, hackers in Norway are able to steal a Tesla because of a “lack of security in the Tesla smartphone app”. Now before I completely debunk this video, let me show you the video in question:

Okay. This looks scary on the surface. I will admit that. But here’s the problem. There is no security issue in the Tesla app. These guys used an Android phone where the user was tricked into logging into unsafe WiFi and downloading an app that stole the credentials of the Tesla app. So in short, they hacked the phone and not the Tesla app or the car itself. Using this method, these guys could have “hacked” a Tesla, a GM vehicle, or anything else that uses an app to open the doors of a car and to start it. Thus this is something that I doubt that Tesla would lose sleep over.

I didn’t see what version of Android they used. But based on what I see in this video, the exploit that they used appears to be a variant of “SlemBunk”, which was discovered in 2015 and mitigated in more recent versions of the Android OS. Note that I did not say fixed, as it is still possible (though harder) to do this sort of attack. Thus users need to protect themselves by not connecting to unsafe WiFi, not downloading “sketchy” apps from outside the Google Play Store, and keeping their Android OS up to date. In short, if you do all of that, this “hack” becomes harder to pull off. Alternatively, don’t tie your car to your smartphone. That ensures that there is no attack vector via a smartphone to steal it.

Consider this debunked.


