To put it shortly, the Tesla Model S could be unlocked by a hacker, since the operation is possible using wireless Internet access. If someone manages to crack or steal a password, that person can track down the vehicle or get inside it. Nonetheless, the Tesla Model S requires a key to start, so potential thieves could not start the vehicle.
It all starts with the first step of the ordering process, which requires customers to create an account secured via a six-character password. This offers access to a mobile app used to locate, lock/unlock and monitor the Model S’ features.
The problem here is that this is a static six-character password, something that’s not particularly difficult to get around for those in the know. For instance, a thief could simply guess the password, as Tesla’s website doesn’t have a limit for incorrect login attempts. What’s more, the password is vulnerable through the user’s email accounts.
"It's a big issue where a $100,000 car should be relying on a six-character static password," Dhanjani said.
Another issue was found with the fact that the Tesla customer service has the power to remotely unlock cars. The various background checks required to maintain such a system safe are not known to the Tesla users, with Dhanjani being concerned about the potential cracks in the system.
Moreover, Tesla’s mobile app has become a source for 3rd party developments, which could thus gain access to the car. Dhanjani has already submitted his report to Telsa, and you can see the Model S cyber security research here.