Many believe that you can actually steal the Tesla car by hacking into its app. There have been few demonstrations by the researchers that keyless Tesla can be easily hacked within a minute or two. Subsequently, many cybercriminals are reportedly seen taking advantage of the vulnerability. Indeed, they can take advantage and locate cars and then later steal at their most favorable area.
Tesla recently released an on-air update to fix an issue, but that’s not the end. Many don’t care, but security needs to be the prime concern whether you are buying a used car or the brand new one.
Reportedly, security threats have been topping the list of the used car recently. A bad history of a car is not what you should be looking for. Getting a Comprehensive Revs Check actually helps you get a detailed damaged past history of the vehicle. Most importantly, a Tesla involved in hack and theft can be checked easily on the generated report.
How Are Criminals Able To Steal Tesla?
There are countless ways hackers are able to steal Tesla. Some of the professional hackers can get into Tesla’s server and steal your credentials.
First, the hackers will send you the HTTP request through the Tesla server. These requests will have the OAuth token in them. You would blindly trust anything from the company itself and log in to the redirected link with the username and password, which authenticates the hacker’s request. As soon the login session is generated through the Tesla app, the token will be obtained, which will then be stored in the sandbox folder.
At some level, the validity period of the token stays about 90 days on the server. Once in a while, the user needs to log into his Tesla account with a username and a password, which also generated a session token making hackers easy to authenticate. So, when the wrong-doers have your token, they can actually locate the address of the car.
How To Determine The Username And Password Of A Tesla User?
There are many ways to determine the information of Tesla users. We shall discuss one of them in this article. The attackers modify the Tesla app, and in this app, the malicious logics are added to steal the user’s info. Then, such information is then transferred to the server that is controlled by the attacker. If the user login the next time, then the code will be triggered. They can manipulate the Tesla app by removing the stored token and then making users log in.
Wonder how there will be manipulation so that the Tesla app can be replaced? The attackers can do this with the help of a privilege escalation attack. This is similar to some of the Android root apps like Kingroot, Towelroot, or some malware like HummingBad or the Godless. There will be permission granted to the rooting, and through this, the mentioned above steps can be performed.
If the attacker can trick the Tesla’s owner and install this app on their device, then things will be straightforward to hack such cars. In this process, there are many ways of trickery. One is through the phishing attack. The attackers create a free Wi-Fi hotspot, and such names will be very tempting to open up like the ones called as locations of KFC restaurants in XYZ cities.
If Tesla’s owner connects to this Wi-Fi hotspot and visits that web page, it is almost a final step for the owner to get trapped. In this example, there will be an advertisement regarding the free burger at the KFC restaurant for the Tesla owners. If he clicks on that link, then he will get redirected to the Play Store. This will thereafter display the malicious app in the portal.
The next thing that the Tesla owner does is he installs and uses the tricked app that has a backdoor. This asks for the root permission. On the successful grant, the app replaces the Tesla app. So, the next time the user starts the app, he needs to authenticate with his username and password. This manipulation forwards the address of the user to the server that is controlled by the attacker. In this way, the hackers will be able to accomplish stealing the information through only some HTTP requests.
How To Prevent Tesla Theft?
Determining the risk of theft, Tesla developed an extra layer of security that enables the driver to enter a four-digit pin to drive. Also, the improved 80-bit cryptography named Fob reduces security flaws.
To activate the four-digit pin in Tesla:
Step 1: Go to “Controls.”
Step 2: After that, tap on “Safety and Security.”
Step 3: Select “PIN to Drive” and set a secret pin.
That’s all for now.
Follow Techdee for more informative articles.