Vulnerability Summary for GPS Spoofing via Rooted Android Phone:
The Tesla Mobile Android application can be run from a rooted Android device, which can then spoof the GPS coordinates of the owner. This gives an attacker anywhere in the world remote access to summon the vehicle and slowly drive it anywhere, and also to open the owner's garage door if the vehicle is parked at home.
A malicious user can steal credentials via phishing, purchase them through the dark web, or obtain them by any other means from the leaked 16 billion credentials floating out there, and is then able to access a person's home via the garage (API/Rooted Android) or slowly drive their vehicle from anywhere in the world (Rooted Android).
Steps To Reproduce for Rooted Android Phone GPS Vulnerability:
Root Android Phone
Install Magisk for Specific Phone Type
Install GPS Joystick and run as system mode
Tesla Bug Bounty Submission:
I disclosed my findings to Tesla back in October of 2020, when no 2FA was available. Shortly after, they finally rolled out 2FA for the Tesla Phone application. Unfortunately, rooted phones are out of Tesla’s control, but a strong authentication framework will help the company with issues like this in the future.
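Because the client device is outside the vendor's control, one complementary server-side signal is to check whether successive phone-reported locations for an account are physically plausible. The following is an added example, not code from the original write-up or from Tesla; the `Fix` record, the speed ceiling, the jitter threshold and the sample data are all assumptions made for illustration.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 1000.0  # assumed ceiling (roughly airliner speed); tune per deployment


@dataclass(frozen=True)
class Fix:
    """One phone-reported location (hypothetical record layout)."""
    ts: float   # Unix seconds, taken from the server's receive time
    lat: float
    lon: float


def haversine_km(a: Fix, b: Fix) -> float:
    """Great-circle distance between two fixes in kilometres."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dphi = p2 - p1
    dlmb = math.radians(b.lon - a.lon)
    h = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))


def implausible_jumps(fixes, max_kmh=MAX_SPEED_KMH, min_km=1.0):
    """Return (prev, cur, implied_kmh) for consecutive fixes that imply
    travel faster than max_kmh. Moves shorter than min_km are treated as
    ordinary GPS jitter and ignored."""
    flagged = []
    ordered = sorted(fixes, key=lambda f: f.ts)
    for prev, cur in zip(ordered, ordered[1:]):
        dist = haversine_km(prev, cur)
        if dist < min_km:
            continue
        hours = (cur.ts - prev.ts) / 3600.0
        # A large move with no elapsed time is treated as infinitely fast.
        speed = math.inf if hours <= 0 else dist / hours
        if speed > max_kmh:
            flagged.append((prev, cur, speed))
    return flagged


# Constructed sample data: two nearby fixes, then one on another continent
# five minutes later.
SAMPLE = [
    Fix(1_600_000_000, 37.7749, -122.4194),
    Fix(1_600_000_600, 37.7790, -122.4150),
    Fix(1_600_000_900, 51.5074, -0.1278),
]
```

A flagged jump is a signal to require step-up authentication before honoring a location-gated command, not proof of spoofing on its own.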