Tesla Model S hack uses Android app exploit to steal car without the key

A team of computer hackers have demonstrated how the Tesla Model S can be located, unlocked and driven away without the key.

By compromising the car's companion smartphone application, they used a laptop to remotely unlock the doors, start the electric car and 'steal' it from a colleague. The hack exposes the internet weaknesses of products which can be accessed via apps and the internet.

The Tesla app is commonly used by owners to check the battery level and charging status, see the location of their car, as well as set the climate control before getting in, and flash the lights to help find the car in a car park. But in this demonstration the hackers, from security firm Promon, are shown using the car and app's shared internet access to track it down and steal it, all without an alarm going off and without the owner being aware.

They would likely only notice when returning to find the car gone, or when checking the car's location on the app. Available for iOS and Android, the app taken advantage of here is for the latter. To steal the Tesla, the hackers first have to convince the owner to download a malicious app onto their phone. In Promon's example, this is done by creating a free and open Wi-Fi hotspot close to a Tesla charging station, which offers a free burger to Tesla owners who download a special app. The incentive here could be anything, but the logic behind it remains the same; the target must download the malicious app to give the hackers access to their phone, and then their Tesla app password.

Don't be fooled by a free burger

Naturally, two flags here should already have been raised for most users. One when connecting to an unknown Wi-Fi network, and another when asked to download an unfamiliar application. It is good generally good practice to do neither of these - especially not for a free burger.

At this point the target knows nothing about the free burger app's true intentions, but now the hackers have access to the Tesla app, they can track the car. Once parked up for the night, they can track down the car, instruct it to unlock (a feature of the app), then enable 'keyless driving' mode. Created by Tesla, this feature lets Tesla owners remotely unlock and start their cars by entering a password; this can come in handy when asking a neighbour to move the car to a different parking space while you are on holiday, for example.

Tom Lysemose Hansen, founder and chief technology officer of Promon, said: "Our test is the first one to use the Tesla app as an entry point, and goes a step further by showing that a compromised app can lead directly to the theft of a car."

The hack isn't a demonstration of a vulnerability unique to Tesla, but more an example of how internet- and app-connected devices (and their victims) can fall for such attacks. Hansen added: "Mobile-focused criminals are more skilled than ever before, and are using a lack of security in mobile apps as an increasingly lucrative source of revenue. "Remotely controlling and stealing Tesla cars is a particularly dangerous example of just what can be done, but in theory any app without the necessary protection in place could be affected."

The security researcher says, in moving away from keys and fobs to smartphone apps, car makers must employ the same levels of security as banks. "We strongly believe that Tesla and the car industry needs to provide a comparable level of security [to banks], which is certainly not the case today," Hansen said. In response to the hack, a Tesla spokesperson told: "The report does not demonstrate any Tesla-specific vulnerabilities. This demonstration shows what most people intuitively know – if a phone is hacked, the applications on that phone may no longer be secure.

"The researchers showed that known social engineering techniques could be employed to trick people into installing malware on their Android devices, compromising their entire phone and all apps, which also includes their Tesla app. Tesla recommends users run the latest version of their mobile operating system." Earlier Tesla hackers took remote control of door locks, lights and brakes.