Basic computer hacking techniques could be used to unlock a high-tech Tesla car, a security expert has warned.
Security researcher Nitesh Dhanjani, speaking at a Singapore technology conference, pointed out the alleged security flaws in the Tesla Model S.
The car can be locked and unlocked using an iPhone app, which is accessed using a basic six-character password.
Users are not frozen out after a certain number of login attempts, meaning it is open to 'brute force' hacking attacks where thousands of password combinations are automatically entered using specialist software.
Mr Dhanjani also pointed out the system is also vulnerable to phishing attacks to obtain the password.
Once in, an attacker could pinpoint the car's location and unlock it. Mischief-makers could also do relatively innocuous things like draining the battery, honking the horn, and tracking the owner's whereabouts.
Mr Dhanjani said: "Tesla should address the issue of using static passwords with low complexity requirements.
"Tesla owners should be aware of risks based on the current situation and take precautions."
Several car models can be controlled using a phone app, but Mr Dhanjani focused his research on the all-electric car because it is seen as the market-leading computerised vehicle.
A Tesla spokesman said: "Our customers' security is our top priority, be that in developing a car with the highest safety rating or doing everything we can to protect them against online security breaches.
"We protect our products and systems against vulnerabilities with our dedicated team of top-notch information security professionals, and we continue to work with the community of security researchers and actively encourage them to communicate with us through our responsible reporting process."
(function(d){ var js, ref = d.getElementsByTagName('script')[0]; js = d.createElement('script'); js.id = 'outbrainjs'; js.async = true; js.src = "//widgets.outbrain.com/outbrain.js"; ref.parentNode.insertBefore(js, ref); }(document));
View the original article here
Security researcher Nitesh Dhanjani, speaking at a Singapore technology conference, pointed out the alleged security flaws in the Tesla Model S.
The car can be locked and unlocked using an iPhone app, which is accessed using a basic six-character password.
Users are not frozen out after a certain number of login attempts, meaning it is open to 'brute force' hacking attacks where thousands of password combinations are automatically entered using specialist software.
Mr Dhanjani also pointed out the system is also vulnerable to phishing attacks to obtain the password.
Once in, an attacker could pinpoint the car's location and unlock it. Mischief-makers could also do relatively innocuous things like draining the battery, honking the horn, and tracking the owner's whereabouts.
Mr Dhanjani said: "Tesla should address the issue of using static passwords with low complexity requirements.
"Tesla owners should be aware of risks based on the current situation and take precautions."
Several car models can be controlled using a phone app, but Mr Dhanjani focused his research on the all-electric car because it is seen as the market-leading computerised vehicle.
A Tesla spokesman said: "Our customers' security is our top priority, be that in developing a car with the highest safety rating or doing everything we can to protect them against online security breaches.
"We protect our products and systems against vulnerabilities with our dedicated team of top-notch information security professionals, and we continue to work with the community of security researchers and actively encourage them to communicate with us through our responsible reporting process."
(function(d){ var js, ref = d.getElementsByTagName('script')[0]; js = d.createElement('script'); js.id = 'outbrainjs'; js.async = true; js.src = "//widgets.outbrain.com/outbrain.js"; ref.parentNode.insertBefore(js, ref); }(document));
View the original article here
No comments:
Post a Comment