Tesla ‘Hack’ Can Unlock Car Doors

Weaknesses in the way Tesla lets drivers control their cars could allow someone to easily open the doors to one of the super-efficient vehicles, a security researcher has warned.

Whilst praising the Tesla Model S for its innovation, Nitesh Dhanjani said the car manufacturer’s website did not appear to have any particular account lockout policy when large numbers of login attempts were made.

A brute force attempt on the login pages could therefore open up user accounts, he said. Similar tactics could be used to gain access to the iPhone app, which allows the user to unlock the car, determine its location and view its charge status.

Brute forcing Tesla logins

“Tesla should address the issue of using static passwords with low complexity requirements,” Dhanjani said in a blog post.

“Tesla owners should be aware of risks based on the current situation and take precautions.” Those precautions should include stronger passwords, added Dhanjani, who had presented his findings at BlackHat Asia.

He also warned of the potential for malicious third-party applications to connect to the Tesla application programming interface (API). It appeared, looking at the Google Glass app for Tesla, that those apps connecting to the API would handle logins for users, indicating usernames and passwords would be shared with the third-party software.

“Until Tesla announces an SDK and methods they are going to outline to sandbox applications, users should refrain from using third party applications,” he added.

“Given the serious nature of this topic, we know we can’t attempt to secure our vehicles the way we have attempted to secure our workstations at home in the past by relying on static passwords and trusted networks. The implications to physical security and privacy in this context have raised stakes to the next level.”

Tesla had not responded to a request for comment at the time of publication.

The car company has a responsible vulnerability disclosure programme and has hired various big name security professionals to ensure its cars are safe. That included the  “hacker princess” of Apple, Kristin Paget.

Are you a security pro? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Apple Sales Rise 6 Percent After Early iPhone 16 Demand

Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…

19 hours ago

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

20 hours ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

21 hours ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago