According to researchers, it is easy for an attacker to develop a malicious app that contains Android rooting exploits such as Towelroot and Kingroot, which can then be used to escalate the malicious app's privileges, allowing attackers to read the OAuth token from the Tesla app.
Stealing this token could enable an attacker to locate the car and open its doors, but it would not help the attacker start and drive away with the owner's car.
For this, the malware needs to delete the OAuth token from the owner's phone, which prompts the owner to enter his/her username and password again, allowing the attacker to collect the owner's login credentials.
Researchers say this can be done by modifying the original Tesla app's source code. Since the malware has already rooted the owner's smartphone, it can alter the Tesla app and send a copy of the victim's username and password to the attacker.
With this data, the attacker can perform a series of actions, like locating the car on the road, opening its doors, starting the car's motor and driving the car away unhindered, just by sending well-crafted HTTP requests to the Tesla servers with the owner's OAuth token and password.
Tesla says this is not an issue with its product but the result of common social engineering tricks that attackers use to first compromise the victim's phone, root the device and then alter its apps' data.
The researchers' attack is only possible when an attacker convinces a victim to download a malicious app onto his/her Android device.