According to researchers, it is easy for an attacker to develop a malicious app that contains Android rooting exploits such as Towelroot and Kingroot, which can then be used to escalate the malicious app's privileges, allowing attackers to read OAuth token from the Tesla app.
Stealing this token could enable an attacker to locate the car and open its doors, but could not help the attacker start and drive away with the owner's car.
For this, the malware needs to delete the OAuth token from the owner's phone, which prompts the owner to enter his/her username and password again, allowing the attacker to collect the owner's login credentials.
Researchers say this can be done by modifying the original Tesla app's source code. Since the malware has already rooted the owner's smartphone, it can alter the Tesla app and send a copy of the victim's username and password to the attacker.
With this data, the attacker can perform a series of actions, like locating the car on the road, open its doors, start the car's motor and drive the car away unhindered, just by sending well-crafted HTTP requests to the Tesla servers with the owner's OAuth token and password.
Tesla says it is not the issue with its product but common social engineering tricks used by attackers to first compromise victim's phone, rooting the device and then altering its apps data.
The researchers' attack is only possible when an attacker convinces a victim into downloading a malicious app on his/her Android device.
You wear many hats when you work for a nonprofit. I’m sure this is not breaking news for you. As an IT professional, the one hat that I wear eve
Elon Musk made quite the announcement today. During the special shareholders meeting to approve the merger with SolarCity, which they approved by 85%,
The Labrador retriever left the Texas family stunned when she took off last summer and Jesyln Robles, a teenager, said of her dog, “I was r
Download This Document From @wikileaks https://wikileaks.org/vault7/document/HighRise-2_0-Users_Guide/ Then Go To Page 8 : "And Yo
Stephen Hawking says Donald Trump could ‘push earth over the brink’ Stephen Hawking has said that Donald Trump’s decisi
in these days hackers can be hacked from he's linux A 7-year-old critical remote code execution vulnerability has been discovered in Samba netw