Corporate security consultant Nitesh Dhanjani appeared at the Black Hat Asia security conference to report that Tesla’s cars can indeed be hacked. The vehicles can be located and unlocked by cracking a six-character password using already known hacking techniques. According to The Hacker News, Dhanjani says there are no major vulnerabilities in the car’s major core systems but rather the problem lies somewhere else.
The Hacker News
According to Dhanjani, the Model S of Tesla Motors requires a key fob in order to drive it, but the car can be unlocked through a command transmitted wirelessly over the Internet to the Smart car. Now this command could be hijacked by the cybercriminals, as it’s quite easy to crack the password using traditional hacking techniques or steal it either way.
It’s important to note that this hack will not allow a criminal to steal your car but it could allow them to steal the belongings within the car as well as potentially damage it. While this is an issue, it is a testament to Tesla that Dhanjani didn’t find anything wrong with the major systems of the Model S. I’m not sure there will be many hackers waiting to unlock Model S cars to steal a watch or someone’s IZOD jacket. Below you’ll find The Hacker News outline of Dhanjani’s report. Be sure to check out The Hacker News for other great hacker news stories!
HOW TO HACK ‘Tesla Smart Car’
When the users order a car, they are required to sign up for an account, secured by a six-character long password (key) that is also used to unlock the mobile phone app to gain access to their online Tesla account (http://www.teslamotors.com).
Tesla Smartphone app is freely available for your device, and using it you can easily locate and unlock your car remotely; furthermore, the app can control and monitor other functions of your car as well.
Now, this password (key) might easily be guessed by a hacker via a Tesla website, which has no restriction on the number of incorrect login attempts.
“The password is vulnerable to several kinds of attacks similar to those used to gain access to a computer or online account,” Dhanjani said. “It’s a big issue where a $100,000 car should be relying on a six-character static password,” he added.
Dhanjani has reported his findings to Tesla, but Tesla spokesman Patrick Jones declined to comment on it, though he said the research they received by the security experts is carefully reviewed by the carmakers.
“We protect our products and systems against vulnerabilities with our dedicated team of top-notch information security professionals, and we continue to work with the community of security researchers and actively encourage them to communicate with us through our responsible reporting process,” Jones said via an email.
Dhanjani also claimed through evidence that Tesla support staff can unlock cars remotely, leaving the car owner vulnerable to hackers; an attacker could masquerade as Tesla staff and might succeed in hacking into the users’ car.
These small issues must be seriously considered by the car manufacturers as the coming years will be totally based on the Android-based Smart Cars, as Google has also tied up with several Auto manufacturers with the goal to bring Android to Cars with built-in controls and hardware by the end of this year.
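
The control the outline says was missing, a limit on incorrect login attempts, can be sketched as a per-account throttle with an escalating lockout. This is an added example, not code from Tesla, Dhanjani or The Hacker News; the class name, the policy thresholds and the account name are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Assumed policy values for illustration; tune for the real service.
MAX_FAILURES = 5       # failed logins tolerated inside one window
WINDOW_SECONDS = 300   # sliding window for counting failures
BASE_LOCKOUT = 60      # first lockout in seconds, doubled on each repeat
MAX_LOCKOUT = 3600     # ceiling for the doubled lockout

class LoginThrottle:
    """Per-account failed-login limiter with escalating lockout."""

    def __init__(self):
        self._failures = defaultdict(deque)  # account -> recent failure times
        self._strikes = defaultdict(int)     # account -> lockouts so far
        self._locked_until = {}              # account -> lock expiry time

    def is_locked(self, account, now):
        # Call before verifying the password: a locked account is rejected
        # without the guess being compared to the stored credential.
        return self._locked_until.get(account, 0) > now

    def record_success(self, account):
        self._failures.pop(account, None)
        self._strikes.pop(account, None)

    def record_failure(self, account, now):
        recent = self._failures[account]
        recent.append(now)
        while recent[0] <= now - WINDOW_SECONDS:  # drop failures outside the window
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self._strikes[account] += 1
            delay = min(BASE_LOCKOUT * 2 ** (self._strikes[account] - 1), MAX_LOCKOUT)
            self._locked_until[account] = now + delay
            recent.clear()

def guesses_evaluated(attempts, interval_seconds):
    """Constructed scenario: wrong guesses against one account at a fixed
    rate. Returns how many guesses the server actually checks."""
    throttle, checked = LoginThrottle(), 0
    for i in range(attempts):
        now = i * interval_seconds
        if throttle.is_locked("owner@example.com", now):
            continue
        checked += 1
        throttle.record_failure("owner@example.com", now)
    return checked

if __name__ == "__main__":
    print(guesses_evaluated(1000, 1))
```

A per-account lockout on its own lets anyone who knows the account name lock the owner out, so it is normally paired with per-source limits and a second factor.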