http://www.businessspectator.com.au/news/2014/3/31/technology/tesla-cars-vulnerable-password-hacking
Tesla cars vulnerable to password hacking
Reuters  [2014/3/31]

Tesla Motors Inc's electric vehicles can be located and unlocked by
criminals remotely simply by cracking a six-character password using
traditional hacking techniques, according to newly released research.

Nitesh Dhanjani, a corporate security consultant, Tesla owner and author of
books on hacking, said at a conference in Singapore that he recently
conducted a study of the Tesla Model S sedan and found several design flaws
in its security system. He said his review did not uncover any hidden
software vulnerabilities in the car's major systems.

"We cannot be protecting our cars in the way we protected our (computer)
workstations, and failed," he said during a presentation at the Black Hat
Asia security conference in Singapore.

Dhanjani said he has passed on his findings to Tesla. A Tesla
representative said he could not comment immediately.

Tesla's Model S car can only be driven when a key fob is present, but it can
be unlocked via a command to the car transmitted wirelessly over the
Internet.

If a password is stolen or cracked, someone could locate and gain access to
the car and steal its contents, but not drive it, Dhanjani said.

Users are required to set up an account secured by a six-character password
when they order the car. This password is used to unlock a mobile phone app
and to gain access to the user's online Tesla account.

The freely available mobile app can locate and unlock the car remotely, as
well as control and monitor other functions. The password is vulnerable to
several kinds of attacks similar to those used to gain access to a computer
or online account, Dhanjani said.

An attacker might guess the password via a Tesla website, which Dhanjani
says does not restrict the number of incorrect login attempts.

Attackers could try to gain access to the password from the user's computer
via password-stealing viruses, or gain access to other accounts that might
use the same password.

"It's a big issue where a $100,000 car should be relying on a six-character
static password," he said.

Dhanjani said there is also evidence that Tesla support staff can unlock
cars remotely, leaving car owners vulnerable to attackers impersonating
them, and raising questions about the apparent power of such employees to
locate and unlock any car with or without the owner's knowledge or
permission.
[© 2014 Business Spectator]



http://www.valuewalk.com/2014/03/tesla-motors-inc-tsla-model-s-highly-vulnerable-to-hacking/
Tesla Motors Inc Model S Highly Vulnerable To Hacking
by Vikas Shukla  March 31, 2014 - Tesla's door-locking security depends on a
six-character password which is vulnerable to hacking ...
...
http://arstechnica.com/security/2014/04/how-mobile-app-weakness-could-let-hackers-track-and-unlock-a-tesla-model-s/
How mobile app weakness could let hackers track and unlock a Tesla Model S
Apr 1 2014 - Lack of limits on wrong passwords, threats from third-party
apps increase risks ...



