Abusing the Internet of Things

(Rick Simeone) #1

FIGURE 6-7. Tesla iPhone app


Communication between the Tesla iOS app and the Tesla cloud infrastructure has been
documented by the Tesla Model S API project. The app connects to the server at
portal.vn.teslamotors.com to authenticate and authorize the user based on credentials. Once
logged in, the user can connect to this server to issue commands (such as to unlock the car)
and receive information about the car (such as the car’s location). Malicious users can also use
this service to automate their work. Consider a situation in which an attacker has been able to
capture the credentials of a few hundred Tesla owners. The attacker could write a simple
script that uses the API to quickly find the locations of all the cars and unlock them, following
these steps:


CHAPTER 6: CONNECTED CAR SECURITY ANALYSIS—FROM GAS TO FULLY ELECTRIC
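
A defender-side view of the scenario above, as an added example that is not from the book: server-side detection that flags a client address touching many owner accounts and sending unlock commands within a short window. The log format, action names, thresholds and sample records are constructed for illustration and are not Tesla's.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format): "ISO-time source-ip account action"
SAMPLE_LOG = """\
2015-03-01T10:00:00 203.0.113.10 alice login
2015-03-01T10:00:05 203.0.113.10 alice location
2015-03-01T10:01:00 198.51.100.7 owner001 login
2015-03-01T10:01:02 198.51.100.7 owner001 location
2015-03-01T10:01:03 198.51.100.7 owner001 unlock
2015-03-01T10:01:05 198.51.100.7 owner002 login
2015-03-01T10:01:07 198.51.100.7 owner002 location
2015-03-01T10:01:08 198.51.100.7 owner002 unlock
2015-03-01T10:01:10 198.51.100.7 owner003 login
2015-03-01T10:01:12 198.51.100.7 owner003 unlock
2015-03-01T10:01:14 198.51.100.7 owner004 login
2015-03-01T10:01:16 198.51.100.7 owner004 unlock
2015-03-01T10:02:00 203.0.113.25 bob login
2015-03-01T10:02:30 203.0.113.25 carol login
2015-03-01T10:03:00 203.0.113.25 carol unlock
2015-03-01T18:00:00 203.0.113.10 alice unlock
""".splitlines()

def parse(line):
    ts, ip, account, action = line.split()
    return datetime.fromisoformat(ts), ip, account, action

def flag_bulk_clients(lines, window=timedelta(minutes=5), min_accounts=4):
    """Return {ip: sorted accounts} for clients that touched at least
    min_accounts distinct accounts inside one sliding window and sent
    at least one unlock command in that same window."""
    recent = defaultdict(deque)  # ip -> events still inside the window
    flagged = {}
    for ts, ip, account, action in sorted(map(parse, lines)):
        q = recent[ip]
        q.append((ts, account, action))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        accounts = {a for _, a, _ in q}
        if len(accounts) >= min_accounts and any(x == "unlock" for _, _, x in q):
            flagged.setdefault(ip, set()).update(accounts)
    return {ip: sorted(accts) for ip, accts in flagged.items()}

if __name__ == "__main__":
    for ip, accounts in flag_bulk_clients(SAMPLE_LOG).items():
        print(f"ALERT {ip}: {len(accounts)} accounts with unlock activity: {accounts}")
```

The household address with two accounts stays below the default threshold; lowering `min_accounts` trades more alerts on shared addresses for earlier detection.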
