
Security Vulnerability - Tesla iOS app. If Tesla credentials got compromised, and someone connected to a car using an iOS Tesla app, it will not be

#SecurityAlert - Tesla iOS app.

If Tesla credentials got compromised, and someone connected to a car using an iOS Tesla app, it will not be possible to disconnect mobile devices with the Tesla app that had been previously connected, if the password is changed after the fact, and even if 2FA is activated. So someone can continue to access and control your car unless you disable mobile access for ALL devices.

Tesla was notified on August 4th, 2021. No update so far.

Steps to recreate the issue:
1. Install the Tesla iOS mobile app and log in with current credentials
2. Change password and/or activate 2FA
3. Turn off mobile access
4. Turn mobile access back on

The app will get automatically reconnected without requiring new credentials to be entered.

See more at
https://twitter.com/Entrespace.../status/1424908699370463232
 
This issue has been around for a long time, I think it’s being fixed in API version 14 though. The auth tokens issued for the mobile apps don’t have any TTL, I was surprised by this. I suppose they chose this route because they wanted a frictionless experience?
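
The behaviour discussed in this thread comes down to two missing server-side checks: tokens with no expiry, and tokens that survive a credential change. The following is an added example, not part of either post and not Tesla's code; `TokenService`, its method names and the account name are hypothetical. It binds each token to a TTL and to a per-user credential epoch that is bumped on password change or 2FA enrolment.

```python
import hashlib
import secrets
import time


class TokenService:
    """Hypothetical server-side session store (illustration only)."""

    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self.cred_epoch = {}  # user -> counter bumped on password/2FA change
        self.tokens = {}      # sha256(token) -> (user, epoch, expires_at)

    def _key(self, token):
        # Store only a hash so a leaked table does not leak usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        epoch = self.cred_epoch.setdefault(user, 0)
        self.tokens[self._key(token)] = (user, epoch, now + self.ttl)
        return token

    def credentials_changed(self, user):
        """Call on password change or 2FA enrolment; older tokens stop validating."""
        self.cred_epoch[user] = self.cred_epoch.get(user, 0) + 1

    def validate(self, token, now=None):
        now = time.time() if now is None else now
        key = self._key(token)
        rec = self.tokens.get(key)
        if rec is None:
            return None
        user, epoch, expires_at = rec
        # Reject on expiry OR if credentials changed after the token was issued.
        if now >= expires_at or epoch != self.cred_epoch.get(user, 0):
            del self.tokens[key]
            return None
        return user


def demo():
    svc = TokenService(ttl_seconds=3600)
    user = "owner@example.test"                  # constructed sample account
    old_phone = svc.issue(user, now=0)           # device logged in earlier
    before = svc.validate(old_phone, now=10)     # still valid
    svc.credentials_changed(user)                # owner changes password
    after = svc.validate(old_phone, now=20)      # old device is cut off
    new_phone = svc.issue(user, now=30)          # fresh login, new epoch
    fresh = svc.validate(new_phone, now=40)
    expired = svc.validate(new_phone, now=3630)  # TTL reached
    return before, after, fresh, expired
```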