Tuesday, April 01, 2014

drag2share: Tesla Model S is 'low hanging fruit' for hackers to remotely track or unlock cars

source: http://www.engadget.com/2014/04/01/tesla-hacking/?utm_source=Feed_Classic_Full&utm_medium=feed&utm_campaign=Engadget&?ncid=rss_full

Tesla has toughened the Model S' underbody to help prevent any more fires, but apparently it needs to add some reinforcement to its network features too. An enterprising hacker can't quite drive one of the electric vehicles away (they'd need a key fob to start the car), but holes in the auto's security apparently allow a ne'er-do-well to locate the vehicle, unlock its doors and steal your belongings. As Tesla owner and corporate security consultant Nitesh Dhanjani tells it, this "low-hanging fruit" can be picked by brute-force attacking Tesla's relatively weak one-factor password system, exploiting loopholes in the iOS app's API and by accessing the ride's network-interface jack under the dashboard. Thankfully, he found that the Model S' major systems were safe from attack.