Published on March 31st, 2014
Hackers Find Weaknesses In Tesla Cars Computer Systems
New research on the Tesla smart car has shown that hackers can remotely locate or unlock Tesla Motors Inc. electric vehicles just by cracking a six-character password using traditional hacking techniques.
At the Black Hat Asia security conference in Singapore on Friday, Nitesh Dhanjani, a corporate security consultant and Tesla owner, said a recent study he conducted on the Tesla Model S sedan pointed to several design flaws in its security system, and that there weren’t any hidden software vulnerabilities in the car’s major systems. The major vulnerability lies elsewhere.
According to Dhanjani, the Tesla Model S requires a key fob in order to be driven, but the car can be unlocked through a command transmitted wirelessly over the Internet to the car. This command could be hijacked by cybercriminals, as it’s quite easy to crack the password using traditional hacking techniques or to steal it some other way.
By using this password, attackers would not be able to drive your car, but could unlock, locate and gain access to your car and steal its contents, like laptops, tablets, GPS systems, money, or whatever’s stored in the car.
“We cannot be protecting our cars in the way we protected our (computer) workstations, and failed,” he said during a presentation.
HOW TO HACK ‘Tesla Smart Car’
When users order a car, they are required to sign up for an account secured by a six-character password (key) that is also used to unlock the mobile phone app to gain access to their online Tesla account (https://www.teslamotors.com).
The Tesla smartphone app is freely available, and with it you can easily locate and unlock your car remotely. The app can also control and monitor other functions of the car.
This password (key) might easily be guessed by a hacker via the Tesla website, which has no restriction on the number of incorrect login attempts.
“The password is vulnerable to several kinds of attacks similar to those used to gain access to a computer or online account,” Dhanjani said. “It’s a big issue where a $100,000 car should be relying on a six-character static password,” he added.
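The control the article says is missing, a limit on incorrect login attempts, sketched here as an added example (not code from Tesla, Dhanjani or the original article). The class and function names, the thresholds and the sample account and password are all constructed for illustration.

```python
import hmac
import time

class LoginThrottle:
    """Per-account failed-login limiter with exponentially growing lockouts."""

    def __init__(self, max_failures=5, base_lockout=60, max_lockout=3600,
                 clock=time.monotonic):
        self.max_failures, self.base_lockout = max_failures, base_lockout
        self.max_lockout, self.clock = max_lockout, clock
        self._state = {}  # account -> [failures in a row, locked_until, lockouts]

    def allowed(self, account):
        st = self._state.get(account)
        return st is None or self.clock() >= st[1]

    def record(self, account, success):
        if success:
            self._state.pop(account, None)  # a good login clears the history
            return
        st = self._state.setdefault(account, [0, 0.0, 0])
        st[0] += 1
        if st[0] >= self.max_failures:
            # Each successive lockout doubles, capped at max_lockout seconds.
            delay = min(self.base_lockout * 2 ** st[2], self.max_lockout)
            st[:] = [0, self.clock() + delay, st[2] + 1]

def attempt_login(throttle, account, password, stored):
    """Return 'locked', 'ok' or 'denied'. A locked account is refused before
    the password is compared, so guesses made during a lockout learn nothing."""
    if not throttle.allowed(account):
        return "locked"
    ok = hmac.compare_digest(password.encode(), stored.encode())
    throttle.record(account, ok)
    return "ok" if ok else "denied"

def simulate_burst(n_guesses=100):
    """Constructed scenario: n wrong guesses arrive in the same instant."""
    now = [0.0]  # fake clock so the example runs instantly
    throttle = LoginThrottle(clock=lambda: now[0])
    stored = "s3cr3t"  # constructed password; a real service stores a salted hash
    results = [attempt_login(throttle, "owner@example.com", f"{i:06d}", stored)
               for i in range(n_guesses)]
    during = attempt_login(throttle, "owner@example.com", stored, stored)
    now[0] += 60  # the first lockout (base_lockout seconds) has expired
    after = attempt_login(throttle, "owner@example.com", stored, stored)
    return results.count("denied"), results.count("locked"), during, after

if __name__ == "__main__":
    print(simulate_burst())
```

A per-account lockout can itself be used to keep the legitimate owner out, so deployments usually pair it with per-source throttling and a second authentication factor.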
Dhanjani has reported his findings to Tesla. Tesla spokesman Patrick Jones declined to comment on them, though he said that research the carmaker receives from security experts is carefully reviewed.
“We protect our products and systems against vulnerabilities with our dedicated team of top-notch information security professionals, and we continue to work with the community of security researchers and actively encourage them to communicate with us through our responsible reporting process,” Jones said via an email.
Dhanjani also claimed, with evidence, that Tesla support staff can unlock cars remotely, leaving car owners vulnerable to hackers: an attacker could masquerade as Tesla staff and might succeed in hacking into a user’s car.