According to researchers, it is easy for an attacker to develop a malicious app that contains Android rooting exploits such as Towelroot and Kingroot, which can then be used to escalate the malicious app's privileges, allowing attackers to read the OAuth token from the Tesla app.
Stealing this token could enable an attacker to locate the car and open its doors, but would not let the attacker start the owner's car and drive away with it.
For this, the malware needs to delete the OAuth token from the owner's phone, which prompts the owner to enter his/her username and password again, allowing the attacker to collect the owner's login credentials.
Researchers say this can be done by modifying the original Tesla app's source code. Since the malware has already rooted the owner's smartphone, it can alter the Tesla app and send a copy of the victim's username and password to the attacker.
With this data, the attacker can perform a series of actions, like locating the car on the road, opening its doors, starting the car's motor and driving the car away unhindered, just by sending well-crafted HTTP requests to the Tesla servers with the owner's OAuth token and password.
Tesla says this is not an issue with its product but a matter of common social engineering tricks that attackers use to first compromise the victim's phone, root the device and then alter its app data.
The researchers' attack is only possible when an attacker convinces a victim to download a malicious app on his/her Android device.