Tesla has been constantly updating their Model S ever since this was released, with the company learning from the various issues arising. The latest example of this is fitting the car with a titanium underbody protection element for the battery. Well, it appears that the time has come for Tesla to up the ante on the digital security front, with a recent research indicating the Model S is vulnerable to various threats.
The report comes from Nitesh Dhanjani, a corporate security consultant and hacking book author, who also happens to be a Tesla owner. He seems to have found a few gaps in the vehicle’s security system, albeit adding that the car’s main systems do not come with any security issues.
To put it shortly, the Tesla Model S could be unlocked by a hacker, since the operation is possible using wireless Internet access. If someone manages to crack or steal a password, that person can track down the vehicle or get inside it. Nonetheless, the Tesla Model S requires a key to start, so potential thieves could not start the vehicle.
It all starts with the first step of the ordering process, which requires customers to create an account secured via a six-character password. This offers access to a mobile app used to locate, lock/unlock and monitor the Model S’ features.
The problem here is that this is a static six-character password, something that’s not particularly difficult to get around for those in the know. For instance, a thief could simply guess the password, as Tesla’s website doesn’t have a limit for incorrect login attempts. What’s more, the password is vulnerable through the user’s email accounts.
"It's a big issue where a $100,000 car should be relying on a six-character static password," Dhanjani said.
Another issue was found with the fact that the Tesla customer service has the power to remotely unlock cars. The various background checks required to maintain such a system safe are not known to the Tesla users, with Dhanjani being concerned about the potential cracks in the system.
Moreover, Tesla’s mobile app has become a source for 3rd party developments, which could thus gain access to the car. Dhanjani has already submitted his report to Telsa, and you can see the Model S cyber security research here.
To put it shortly, the Tesla Model S could be unlocked by a hacker, since the operation is possible using wireless Internet access. If someone manages to crack or steal a password, that person can track down the vehicle or get inside it. Nonetheless, the Tesla Model S requires a key to start, so potential thieves could not start the vehicle.
It all starts with the first step of the ordering process, which requires customers to create an account secured via a six-character password. This offers access to a mobile app used to locate, lock/unlock and monitor the Model S’ features.
The problem here is that this is a static six-character password, something that’s not particularly difficult to get around for those in the know. For instance, a thief could simply guess the password, as Tesla’s website doesn’t have a limit for incorrect login attempts. What’s more, the password is vulnerable through the user’s email accounts.
"It's a big issue where a $100,000 car should be relying on a six-character static password," Dhanjani said.
Another issue was found with the fact that the Tesla customer service has the power to remotely unlock cars. The various background checks required to maintain such a system safe are not known to the Tesla users, with Dhanjani being concerned about the potential cracks in the system.
Moreover, Tesla’s mobile app has become a source for 3rd party developments, which could thus gain access to the car. Dhanjani has already submitted his report to Telsa, and you can see the Model S cyber security research here.