Hacked passwords can enable remote unlocking, tracking of Tesla cars

Article by Lucian Constantin – April 1, 2014

If you haven’t heard about them; the Tesla S is one of those high-end, all electric vehicle that has some pretty cool features, for example: a center console touch screen that controls much of the car’s systems.
Researchers have found that hackers are having a quite an easy time of accessing Tesla password accounts allowing them to potentially track and unlock these high tech cars. According to this article, the Tesla Model S vehicles are only protected by a six character long password, requiring only at least one number and one letter, making them vulnerable to these brute force attacks. And that is just one of the potential threats. Other potential threats includes phishing and malware in addition to possible compromises as a result of 3rd party password leaks, especially if the car owners use that particular password on multiple sites.
On top of that if the email attached to the vehicle is compromised, all the hacker has to do is reset the account’s password since there isn’t any other security checks, such as, answering a secret question. With advanced technology in Google Glass, owners would use the Tesla for Glass app to monitor and control their cars. The infrastructure of their Google Glass could be compromised and the hacker would have the owner’s account credentials and abuse the remote car control functionality.

Tesla Motors is not too worried about the security issue. Something more should be done to protect the owners and their vehicles. “Automotive manufacturers though innovative in engineering can often oversee the security aspects just because there was no need to digitally safeguard cars in the past,” according to Bogdan Botezatu who is a senior e-threat analyst at security firm Bitefender. He also commented that ‘while it may be true that the online account does not allow a potential attacker to control the car’s critical systems, it could allow somebody to physically locate the car and unlock it.’(website)

A solution doesn’t seem to be in the near future because of the efforts are stressed on functionality and performance of the vehicle not it’s safety.

Website- http://www.pcadvisor.co.uk/news/security/3509593/hacked-passwords-can-enable-remote-unlocking-tracking-of-tesla-cars/
http://threatpost.com/researcher-identifies-potential-security-issues-with-tesla-s/105146

 

Advertisements

8 thoughts on “Hacked passwords can enable remote unlocking, tracking of Tesla cars

  1. It’s scary how reliant we’ve become on technology in everything today. Companies should focus more on securing their products.

    • It is so true. Being a non security major student, this class has certainly opened my eyes to the risks that are out there,even the ones that we don’t even know about yet.

  2. There are definitely flaws with cars that have technology in them, but there are also great benefits. The worst part about this article is the endless possibilities that can arise from someone gaining control of a car.

  3. Seems like they just stuffed a bunch of functionality in. What were they thinking connecting it with Google glass? In my opinion, when it’s something as valuable as this there should be some sort of physical security.

  4. I don’t understand the 6 word password. If it is protecting something like a car then the password should require to be at least a minimum of 6. It is like hijacking a car but through remote access. Could definitely be scary.

  5. Knowing where these expensive cars are going to be is a major advantage to a thief and Tesla company should be worried about this issue because it could be the difference between a consumer purchasing their tesla or a porche.

    • You are definitely right. You should feel confident and secure when purchasing a vehicle,especially high end and high tech vehicle like the Tesla.

Comments are closed.