26–27 September 2017

Tokyo, Japan


How we stole a Tesla car by hacking the app

Tom Lysemose Hansen, CTO, Promon (Norway)

  • Demonstration of how compromising a mobile device with malware leads to lost credentials and eventually the hijacking and ‘stealing’ of a Tesla car.
  • How widely available attack tools and methods can be used, even on non-rooted mobile devices (Android) to steal essential information as the user is interacting with the mobile app., ranging from simple keylogging attacks, to state-of-the-art malware methods as currently seen in banking malware for mobile, mobile payment and mobile authentication.
  • Discussion of various security ‘best practices’ and other counter measures which could have greatly reduced the risk of such an app-based attack.