I don’t find this worrisome, since if someone wants access to a Tesla S, they’d find a way to break in. But I do find it interesting.
Tesla Motors Inc’s electric vehicles can be located and unlocked by criminals remotely simply by cracking a six-character password using traditional hacking techniques, according to newly released research.
It’s not like someone could take the car without the fob or stop the car while you are driving it. Both of those things would obviously be real issues for the owner.
Users are required to set up an account secured by a six-character password when they order the car. This password is used to unlock a mobile phone app and to gain access to the user’s online Tesla account.
The freely available mobile app can locate and unlock the car remotely, as well as control and monitor other functions. The password is vulnerable to several kinds of attacks similar to those used to gain access to a computer or online account, Dhanjani said.
An attacker might guess the password via a Tesla website, which Dhanjani says does not restrict the number of incorrect login attempts.
This wouldn’t stop me from buying a Tesla, but I do hope they give this problem some thought.