Tesla’s mobile app offers the Model S and Model X owners a host of features, including that bildørene can be opened and locked and the car is started – without bilnøkkel.
Now, the Norwegian company Promon found what they believe is a risk that the elbilene can be stolen, if Tesla owners ‘ smartphones are prone to hacker attacks.
Promon believes Tesla-the app has security flaws.
Our research institute has demonstrated that because of the lack of security in the Tesla smartphone app, computer criminals to take control over the company’s vehicles to the point where they can locate the car, unlock it and run off with it, unhindered, type Promon in a statement on its website.
It must be here pointed out that Promon is a datasikkerhetsselskap, who live by selling solutions – among other things, to discourage hacking.
Promon has posted a video, which they say is evidence that they hacked Tesla-app – and be able to kjøære off with a parked Tesla (see the video below):
In the video they get a Tesla owner to download a seemingly innocent app, but it contains hidden, malicious software that they use to hack to Tesla-the owner’s password.
– No vulnerabilities in the Tesla
” This report shows no vulnerabilities that apply to the Tesla in particular, writes Tesla Norway in a statement to E24.
– Demonstration shows something most people realize on their own: If a phone is hacked, it is not certain that the apps are safe.
Secret update makes the Tesla even faster
Researcherne shows that one can use the well-known “social engineering”techniques to trick people into installing malicious software on your Android phone. This exposes the entire phone and all apps for risk, including the Tesla app, enter Tesla.
We recommend all to keep your phone updated with the latest version of the mobile operating system you are using. We have never received notification that someone has stolen a Tesla through a compromised app, end elbilprodusenten.
In a post on the blog Electrek points out that the vulnerability does not lie in Tesla’s app, but with the old software from Android.
In the autumn showed a hackerteam from China that they managed to break into the control system for the Model S, and with it open the trunk and press on the brakes while the car was in motion, writes Forbes – who first talked about Promons findings.
Just days later had Tesla fixed the error that made that the hackers came in.
It was this hackerangrepet that formed the basis for the Promons research of the app, writes Forbes.
A spokesperson for Tesla said to E24 that these situations are not comparable, as China-the episode was a potential weakness that was rectified while it is in the Promon-example is related to Android.
- There is absolutely no connection between the report from chinese Keen Security, and the video from the Norwegian it-company.
On the facebook page to the Tesla Owners Club Norway reacts Tesla owners with the wonder of hackernyheten. Several point out that it is not the Tesla or the car from being hacked, but that what actually happens is that the bileierne provide password information to unauthorized parties.
Chairman of the board and president of the Tesla Owners Club Norway, Satheesh Varadharajan, says to E24 that he has not seen that some owners have been concerned that such an attack shall occur.
– This has nothing with the Tesla to do. This is just one of the many apps that are victim of that some need on the phone. Personally I’m very happy with how the app works, ” he says.
Promon: – Too easy
Promon-founder, Tom Lysemose Hansen explains how they went forward to try and hack the app:
“We thought that in order to have taken control of the Tesla app on the owner’s mobile, it might want to be in the vicinity of a Tesla charging station, where it potentially would be many Tesla owners past,” he says.
– We set up a rogue network, and got bileierne to connect to our server, and on the way we got them into our system. Then we got them to load an app so that we could have taken control of the Tesla app.
Lysemose Hansen believes hackerangepet their research institute carried out is a type of attack that can be implemented easily, no matter what version of Android the user has, or whether the version of Android has weaknesses or not.
Tesla with the new in the night: Working to produce self-driving cars
– But it should perhaps also be noted that by far, most Android phones have weaknesses that are easy to exploit, ” he says.
– in General, we see that there are many mobile applications which have too poor security.
Promon-founder tells us that he is surprised how easy it was to hack the application.
– We used the methods which are already used by criminals, and it is here that the concern is located. It was all too easy to do this, ” he says.
– It is also why we go out with it, for we believe that it should not be so simple. Moreover, we got not only to steal the car, we also got access to a whole range of information on Tesla owner, as for example where he is. Such information allows criminals to exploit, for example, to make the burglary in his house.
Promon recommend Tesla to make sure they have an application that is able to defend themselves.
the Case continues below the advertisement.
– They should have a system that ensures that if your phone is infected and so is the app resistant. It is the type of defense mechanism we see being used for example, among our clients in the financial sector, ” he says.
This says Norsis:
a Senior adviser Bjarte Malmedal in the Norwegian centre for informasjonssikring (Norsis) is split in its views on Tesla-hackingen.
Bjarte Malmedal, Norsis
– You can say that Tesla has the right in what they say about that the attack went on the operating system itself, and not on the app, ” says Malmedal to E24.
– But at the same time, not Tesla ignore the fact that this is possible, he continues.
And it’s not just about Tesla, but about anyone who has an app of any kind. They can all be hit by such attacks, and the consequence will be the same, whether it is the operating system or application that is attacked directly. This is a part of the threat level that Tesla must relate to, and that those who use the app and the cars must adhere to.
Malmedal believes that it thus becomes a little too easy for Tesla to say that this has nothing to do with them.
– But then there is the question of whether people should be worried about this. It is not certain that they will. The risk of being exposed to this is very low.
He points out that the attackers must be very close to your phone the hacker, as noted by Promons description of the attack.
the Owner of the car must also let themselves to be deceived to install an app that steals user names and passwords. But if the steps change, that one for example is easier to target the attack can access over the web, the changes, however, threat perceptions, ” says Malmedal.
He refers to the Norsis’ general advice about never to download apps from non-official channels, and always make sure that your phone is up to date.
No comments:
Post a Comment