Hacking News telsa car

Published on March 31st, 2014 | Post Views: 3,129  Hits Post Views

Hackers Find Weaknesses In Tesla Cars Computer Systems

a new research carried out on the Tesla Smart car has proved that the hackers are able to remotely locate or unlock the Tesla Motors Inc. electric vehicles, just by cracking a six-character password using traditional hacking techniques.

At the Black Hat Asia security conference in Singapore on Friday, Nitesh Dhanjani, a corporate security consultant and Tesla owner, said a recent study conducted by him on the Tesla Model S sedan pointed out several design flaws in its security system, and there wasn’t any hidden software vulnerabilities in the car’s major systems. The major vulnerability sites somewhere else.

▼Advertisements

According to Dhanjani, the Model S of Tesla Motors requires a key fob in order to drive it, but the car can be unlocked through a command transmitted wireless over the Internet to the Smart car. Now this command could be hijack by the cybercriminals, as it’s quite easy to crack the password using traditional hacking techniques or steal it either way.
By using this password, attackers would not be able to drive your car, but could unlock, locate and gain access to your car and steal its contents, like laptops, tablets, GPS systems, money, or whatever’s stored in the car.
We cannot be protecting our cars in the way we protected our (computer) workstations, and failed,” he said during a presentation.
HOW TO HACK ‘Tesla Smart Car’
When the users order a car, they are required to sign up an account, secured by a six-character long password (key) that is also used to unlock the mobile phone app to gain access to their online Tesla account (https://www.teslamotors.com).
tesla smart car hacking
Tesla Smartphone app is freely available for your device, and using it you can easily locate and unlock your car remotely, furthermore, the app can control and monitor other functions of your car as well.
tesla smart car hacking
Now, this password (key) might easily guess by a hacker via a Tesla website, which has no restriction on the number of incorrect login attempts.
The password is vulnerable to several kinds of attacks similar to those used to gain access to a computer or online account,” Dhanjani said. “It’s a big issue where a $100,000 car should be relying on a six-character static password,” he added.
tesla smart car hacking
Dhanjani has reported his findings to Tesla, but Tesla spokesman Patrick Jones declined to comment on it, though he said the research they received by the security experts is carefully reviewed by the carmakers.

▼Advertisements

We protect our products and systems against vulnerabilities with our dedicated team of top-notch information security professionals, and we continue to work with the community of security researchers and actively encourage them to communicate with us through our responsible reporting process,” Jones said via an email.
Dhanjani also claimed through evidence that Tesla support staff can unlock cars remotely, leaving the car owner vulnerable to hackers, an attacker could masquerade as Tesla staff and might succeed to hack into the users’ car.












4 Responses to Hackers Find Weaknesses In Tesla Cars Computer Systems

  1. jtharris1818 says:

    Yeah, or the criminal could use a $10 slim jim and gain access to the car (or any OTHER car) in 15 seconds. This is major news? I’m sure Detroit and the Auto Dealerships will have a field day with this “dangerous” report about Tesla cars.

  2. Bryan Boettcher says:

    Why are you showing a screen grab with the “plain text” password? That’s going over a SSL connection, and is impervious to sniffing with valid certificates (which Tesla will have).

Leave a Reply

Back to Top ↑

Read previous post:
HackersDome
Hacker’s Dome – Gamification the Information Security

The Infosec team behind Capture The Flag platform CTF365 has created a place for hackers to play weekend CTFs with great prizes, called Hacker's Dome. In...

Close