Hackers can access $100,000 Tesla electric cars with a simple password hack, security expert claims.
Tesla’s electric cars can be easily located and hacked into using a simple password crack, according to security experts. In a conference in Singapore last week, Nitesh Dhanjani, a corporate security consultant, said he conducted a study of the Tesla Model S and found several flaws in the design of its security system.
When users order the car, they are required to set up an account and set a six-character password. This password is used to unlock a mobile phone app which then goes into the user’s online Tesla account. The Tesla Model S car can only be driven when a key fob is present, but according to Mr Dhanjani, the car can still be unlocked via a command which is transmitted wirelessly over the internet.
Dhanjani went on to say that if a password is stolen or cracked, someone could locate and gain access to the car. Although they would not be able to drive it, they could still steal the contents inside. He added: “We cannot be protecting our cars in the way we protected our [computer] workstations, and failed.”
So how exactly would an attacker be able to guess the user’s password? Dhanjani said that attackers could try to gain access to the password from the user’s computer via password-stealing viruses. It’s risky having a $100,000 car rely on a six character password for security, Dhanjani concluded.
The security flaws have been passed onto Tesla. Tesla spokesman Patrick Jones responded: “We protect our products and systems against vulnerabilities with our dedicated team of top-notch information security professionals.”
Mr Jones added: “We continue to work with the community of security researchers and actively encourage them to communicate with us through our responsible reporting process.”
Do you think Tesla cars being secured by passwords is safe? Share your thoughts in the comment section below.