ELON MUSK'S FANCY PANTS Tesla future cars are in the news again, not for much good, just because some more people have found another way to hack them.
This new method involves the official Tesla Android app, which might make the attack easier or harder to prevent. A company called Promon has the bad news on this, and it says that vulnerabilities in the application make the whole thing a crackable joke that will allow someone other than the driver to do some driving.
"Our researchers have demonstrated that because of lack of security in the Tesla smartphone app, cyber criminals could take control of the company's vehicles, to the point where they can track and locate the car in real-time, and unlock and drive the car away unhindered. Such a hack gives criminals total control of the vehicle, providing additional functionality to that exposed by a different hack in late September."
They have a video that shows how easy it would be to pinch a car using their method, and ride away in it.
"As illustrated in the demonstration video, our experts have been able to take full control of a Tesla vehicle, including locating and tracking the car, opening the doors and enabling its keyless driving functionality. Crucially, this is all done by attacking and taking control over the Tesla app, and underlines the vital importance of watertight app security, and the wider implications this could have for IoT-connected devices in general," added the firm.
"It is imperative that IT leaders extend their security remit, and take proactive steps to ensure that the data held on customers' mobile devices is just as safe from malware and other threats as the data hosted on their servers."
This is not straightforward though, and you are going to have to get a poisoned app into the hands of the Tesla owner. That app should include your nefarious tools, and if you have the same muscle as Promon, you should be able to open and lock the car, and make it start driving with no driver and no official starter fob.
They have a number of recommendations for the Tesla software chaps including the recommendation that they create an application that is less open to abuse. Other guidance is available.
"While most of these should not be necessary if one could trust the user's device to not be compromised, the reality is that most Android users are at risk because the latest Android version is not available to them. Your end-users are the weak link in mobile security!" added the firm.
"With mobile phones now an everyday item, the ideal of safe usage can always be compromised by human error. It is impossible to control how every single user goes about using their mobile device, whether you are a car manufacturer, a retailer or a bank."