Tesla ‘Hack’ Can Unlock Car Doors

Weaknesses in the way Tesla lets drivers control their cars could allow someone to easily open the doors to one of the super-efficient vehicles, a security researcher has warned.

Whilst praising the Tesla Model S for its innovation, Nitesh Dhanjani said the car manufacturer’s website did not appear to have any particular account lockout policy when large numbers of login attempts were made.

A brute force attempt on the login pages could therefore open up user accounts, he said. Similar tactics could be used to gain access to the iPhone app, which allows the user to unlock the car, determine its location and view its charge status.

Brute forcing Tesla logins

“Tesla should address the issue of using static passwords with low complexity requirements,” Dhanjani said in a blog post.

“Tesla owners should be aware of risks based on the current situation and take precautions.” Those precautions should include stronger passwords, added Dhanjani, who had presented his findings at BlackHat Asia.

He also warned of the potential for malicious third-party applications to connect to the Tesla application programming interface (API). It appeared, looking at the Google Glass app for Tesla, that those apps connecting to the API would handle logins for users, indicating usernames and passwords would be shared with the third-party software.

“Until Tesla announces an SDK and methods they are going to outline to sandbox applications, users should refrain from using third party applications,” he added.

“Given the serious nature of this topic, we know we can’t attempt to secure our vehicles the way we have attempted to secure our workstations at home in the past by relying on static passwords and trusted networks. The implications to physical security and privacy in this context have raised stakes to the next level.”

Tesla had not responded to a request for comment at the time of publication.

The car company has a responsible vulnerability disclosure programme and has hired various big name security professionals to ensure its cars are safe. That included the  “hacker princess” of Apple, Kristin Paget.

Are you a security pro? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Google Fiber Plans US Network Expansion – Report

Google Fiber resurfaces. Network to be expanded to offer speedy internet connectivity to cities in…

3 hours ago

Samsung Unveils Two New Folding Smartphones

Foldable updates from Samsung. include new versions of its pocket sized square (Galaxy Z Flip…

3 hours ago

Facebook At Centre Of US Teenager Home Abortion Case

Court documents show Facebook provided police in the US state of Nebraska with a teenager's…

6 hours ago

President Biden Signs $53 Billion US Chips Act

President Joe Biden signs landmark bill to encourage chip makers to build more semiconductor manufacturing…

8 hours ago

WhatsApp Update To Allow Users To Leave Groups Silently

Privacy changes to WhatsApp. No more blanket notifications to a group if a user decides…

9 hours ago