There’s a video that in the last 24 hours or so has gained a lot of attention. Allegedly, hackers in Norway are able to steal a Tesla because of a “lack of security in the Tesla smartphone app”. Now before I completely debunk this video, let me show you the video in question:
Okay. This looks scary on the surface. I will admit that. But here’s the problem. There is no security issue in the Tesla app. These guys used an Android phone where the user was tricked into logging into unsafe WiFi and downloading an app that stole the credentials of the Tesla app. So in short, they hacked the phone and not the Tesla app or the car itself. Using this method, these guys could have “hacked” a Tesla, a GM vehicle, or anything else that uses an app to open the doors of a car and to start it. Thus this is something that I doubt that Tesla would lose sleep over.
I didn’t see what version of Android that they used. But based on what I see in this video, the exploit that they used appears to be a variant of “SlemBunk” which was discovered in 2015 and mitigated in more recent versions of the Android OS. Note that I did not say fixed as it is still possible (though harder) to do this sort of attack. Thus users need to protect themselves by not connecting to unsafe Wifi, not downloading “sketchy” apps from outside the Google Play Store, and keeping your Android OS up to date. In short, if you do all of that, this “hack” will be less possible. Alternately, don’t tie your car to your smartphone. That ensures that there is no attack vector via a smartphone to steal it.
This entry was posted on November 23, 2016 at 4:11 pm and is filed under Commentary with tags Tesla. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Let Me Debunk This Tesla Hack For You
There’s a video that in the last 24 hours or so has gained a lot of attention. Allegedly, hackers in Norway are able to steal a Tesla because of a “lack of security in the Tesla smartphone app”. Now before I completely debunk this video, let me show you the video in question:
Okay. This looks scary on the surface. I will admit that. But here’s the problem. There is no security issue in the Tesla app. These guys used an Android phone where the user was tricked into logging into unsafe WiFi and downloading an app that stole the credentials of the Tesla app. So in short, they hacked the phone and not the Tesla app or the car itself. Using this method, these guys could have “hacked” a Tesla, a GM vehicle, or anything else that uses an app to open the doors of a car and to start it. Thus this is something that I doubt that Tesla would lose sleep over.
I didn’t see what version of Android that they used. But based on what I see in this video, the exploit that they used appears to be a variant of “SlemBunk” which was discovered in 2015 and mitigated in more recent versions of the Android OS. Note that I did not say fixed as it is still possible (though harder) to do this sort of attack. Thus users need to protect themselves by not connecting to unsafe Wifi, not downloading “sketchy” apps from outside the Google Play Store, and keeping your Android OS up to date. In short, if you do all of that, this “hack” will be less possible. Alternately, don’t tie your car to your smartphone. That ensures that there is no attack vector via a smartphone to steal it.
Consider this debunked.
Share this:
Like this:
Related
This entry was posted on November 23, 2016 at 4:11 pm and is filed under Commentary with tags Tesla. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.