An anonymous reader writes: By leveraging security flaws in the Tesla Android app, an attacker can steal Tesla cars. The only hard part is tricking Tesla owners into installing an Android app on their phones, which isn’t that difficult according to a demo video from Norwegian firm Promon. This malicious app can use many of the freely available Android rooting exploits to take over the user’s phone, steal the OAuth token from the Tesla app and the user’s login credentials. This is possible because the Tesla Android app stores the OAuth token in cleartext, and contains no reverse-engineering protection, allowing attackers to alter the app’s source code and log user credentials. The OAuth token and Tesla owner’s password allow an attacker to perform a variety of actions, such as opening the car’s doors and starting the motor. Read more of this story at Slashdot.
Read the article:
Android Malware Used To Hack and Steal Tesla Car
Zack Whittaker, reporting for ZDNet: A hacker has targeted the official forum of popular mobile game “Clash of Kings, ” making off with close to 1.6 million accounts. The hack was carried out on July 14 by a hacker, who wants to remain nameless, and a copy of the leaked database was provided to breach notification site LeakedSource.com, which allows users to search their usernames and email addresses in a wealth of stolen and hacked data. In a sample given to ZDNet, the database contains (among other things) usernames, email addresses, IP addresses (which can often determine the user’s location), device identifiers, as well as Facebook data and access tokens (if the user signed in with their social account). Passwords stored in the database are hashed and salted. LeakedSource has now added the total 1, 597, 717 stolen records to its systems. Read more of this story at Slashdot. 
An anonymous reader writes: Personal information of over one million users stored by popular dating site BeautifulPeople has leaked, and is now accessible online. We already knew that BeautifulPixel.com was hacked (it happened in November 2015), but this is the first confirmation from a security researcher that the details are legitimate. (BeautifulPeople had downplayed it at the time, saying that it was a staging server, and not a production server, that was hacked.) Security researcher Troy Hunt, citing a source, noted that the data has been sold online. The leaked personal information include email addresses, phone numbers, as well as hair color, weight, job and other details.Troy also noted that of the 1.1 million users details, 170 of them have government email addresses. Some of you may remember BeautifulPixel as the creator the “Shrek” virus. Read more of this story at Slashdot. 
Mark Wilson writes: Apple has a lot of support at the moment for its stance on encryption and refusing the FBI access to an iPhone’s contents, but it’s only a couple of weeks since the company was seen in a less favorable light. There was quite a backlash when users found that installing an update to iOS resulted in Error 53 and a bricked iPhone. Apple initially said that Error 53 was caused ‘for security reasons’ following speculation that it was a bid to stop people from using third party repair shops. iFixit suggested that the problem was a result of a failure of parts to correctly sync, and Apple has been rounding criticized for failing to come up with a fix. Today the company has issued an apology, along with an update that ensures Error 53 won’t happen again. But there’s more good news … If you were talked into paying for an out of warranty replacement as a result of Error 53, you could be in line to get your money back. Read more of this story at Slashdot.