A group of security experts from security firm Promon has demonstrated how to exploit the Tesla app (for both Android and iOS) to locate, unlock and steal a Tesla Model S. The hackers used a laptop to remotely control the vehicle as demonstrated in the following video PoC. The app performs the operations by sending an HTTP request to the Tesla server, these requests leverage an OAuth token for the authentication. The token is obtained by the users once he completed the authentication through username and password. Stealing this token enables an attacker to locate the car and open its doors.”]
Source: http://securityaffairs.co/wordpress/53751/hacking/stealing-tesla-car.html