As Tesla’s popularity and usage continues to rise, it will start to become a much more attractive target for malicious actors. Especially since Tesla leverages extensive use of the internet for car-to-cloud connectivity, bad guys will try to find a vulnerability to exploit:
An often-asserted downside of internet-connected vehicles is that they’re subject to various forms of hacking, including theft. On Wednesday, a Norwegian security company called Promon claimed to have found something like the Holy Grail of vehicle hacking—by compromising a Tesla owner’s Android phone, they could take control of Tesla’s mobile app and steal the car.
The hack relies on tricking a Tesla owner into downloading a malicious app, for instance through a spoofed public Wi-Fi hotspot that would direct them to a deceptive Google Play download. That app could then escalate permissions on the owner’s phone and corrupt the Tesla app. Attackers could then, according to Promon, communicate with the Tesla server to issue remote commands including locating the victim’s car, opening its doors, and enabling keyless driving.