© Copyright 2019 | All Rights Reserved to COMMUNITAKE TECHNOLOGIES Ltd.

THREATS

The Threat

Smartphone App Flaw Leaves Tesla Vehicles Vulnerable To Theft

Researchers at Norwegian app security firm Promon demonstrated how easy it appears to be to steal a Tesla using simple, known mobile vulnerabilities. 

A fake free Wi-Fi hotspot featured an ad targeted at Tesla owners. They were prompted to download an application in order to take advantage of a free burger offer; however, the app contained malware that grabs the owner’s username and password and then tracks the Tesla vehicle. It enables a cybercriminal to unlock the car, start the engine and drive away. Tesla said that the issue is to do with underlying mobile application security, rather than their application.

Original source: Infosecurity magazine. Read the full article >>>

The IntactPhone Protection

Connected cars are exposed to known mobile vulnerabilities. The end result can be devastating to the emerging market. Furthermore, it can risk millions of drivers and their families who just look to simplify their lives but carelessly jeopardize it. When a device is compromised, everything on the device is also compromised, including login credentials, bank information, etc.

 

Here is how IntactPhone eliminates the attack vectors of the Tesla takeover scheme:

  1. Up to date security updates protecting against well-known security breaches.

  2. All app installations are managed via Command and Control center policies.

  3. IntactPhone only allows access to secure Wi-Fi hotspot.

  4. IntactPhone monitors and alerts on suspicious Wi-Fi connections.

  5. IntactPhone offers a global app store with safe apps, approved by cyber security experts.

  6. IntactPhone supports granular apps permission management, including sending faked data.

 

Connected cars can be an exciting playground for cybercriminals with almost endless opportunities. Connected car drivers must be attentive and understand that they have become legitimate targets in the cyber-crime arena. They must block all possible malicious attacks and look beyond simple commercial devices.