Security researchers have demonstrated how easy it is for hackers to steal Tesla cars through the company’s official Android application that many car owners use to interact with their vehicle. Tesla Stores OAuth Token in plain text into the device’s system folder which can be accessed by privileged root user only. Attackers can locate, unlock and drive away with a Tesla Model S without the owner’s login credentials. Tesla says it is not the issue with its product but common social engineering tricks used by attackers to first compromise victim’s phone, rooting the device and then altering its apps data.
Source: https://thehackernews.com/2016/11/hacking-tesla-car.html