Two hackers from the security firm Promon have released a video, relayed by the International Business Times, in which they show that a Tesla Model S can be controlled remotely by hacking its Android application. Once the attack has succeeded, the car can be fully controlled remotely without the key or any specific access.
The attack relies on a modified version of the Android app that the car uses for various interactions. The modified application makes it possible to locate, unlock and start a car without having the key. The method nevertheless requires convincing the rightful owner of the car to download the modified version of the application themselves in the first place. The application is quite popular among Tesla users, who use it in particular to locate their car in a parking lot and to check the battery level and various settings. The lure to download a modified version of the app can therefore be delivered through a public Wi-Fi hotspot near a Tesla charging station, as shown in the Promon example.
After this download, a third party can use the connection to trick the car into believing that they are the owner. All remote controls are then accessible, including the ability to locate the car, unlock it and start it without the key. Tesla provides a function that lets users start their car with a simple password, which can be stored in the application and which therefore becomes accessible to anyone who has compromised the application.
"Our demonstration is the first to use the Tesla application as an entry point, and goes even further by showing that a compromised application can lead to a car theft," says Tom Lysemose Hansen, founder of Promon. Tesla, for its part, says it has learned of the flaw, but the firm indicates that the problem is not specific to its brand: "This demonstration proves what many people already knew: if a phone is pirated, applications on this phone are no longer safe." The firm recommends that users install only the latest version of the Tesla application and avoid any application with dubious or unknown content.