Report: Tesla Model S vulnerable to hackers?

Filed under: Sedan, Safety, Technology, Tesla, Electric, Luxury

Tesla Model S could be vulnerable to hackers.

Next time you walk by a parked Tesla and its sunroof is opening and closing with nobody sitting inside or around it, you could be witnessing a hacker moment. For all of its strengths as a car, the Model S reportedly has a weak spot: the security of its API (application programming interface) authentication, according to an article in the O’Reilly Community by George Reese, executive director of cloud management at Dell. Tesla develops and uses its own API authentication protocols, which have made access to certain Model S functions too easy for hackers, Reese says – himself a Model S owner.

At question is the Tesla REST API, which is accessed via a web-based portal, usually by Model S owners with their iPhone or Android-based smartphone, to perform a variety of menial tasks and check the status of the car. The Tesla-registered e-mail and password of the car owner is used to access the API through a web portal, which creates a “token” that lasts for three months. During that period, owners access the Tesla REST API via the token without the use of their log-in information. Unfortunately, the tokens and their respective cars are stored on website databases that are all too easy to hack, Reese explains, and if a hacker gains access, “it has free access to all of that site’s cars for up to three months with no ability for the owners to do anything about it.” On top of that, there is no way to revoke access of a compromised application.

Reese says that “there’s nothing in the API that (can? should?) result in an accident if someone malicious were to gain access.” The API can check the car’s battery charge, operate climate control, operate the sunroof, identify car location, honk the horn, open the charge port, and perform other similar operations. But, he cautions, “Perhaps the scariest bit is that the API could be used to track your every move.”

At least it’s not a major hack-attack like that experienced by a Forbes reporter in a Prius. Now that’s scary!

Tesla Model S vulnerable to hackers? originally appeared on Autoblog on Sun, 25 Aug 2013 10:33:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Continue reading “Report: Tesla Model S vulnerable to hackers?”

Video: Watch how hackers can take control of your car

Filed under: Government/Legal, Safety, Technology, Videos

Forbes video shows how it is possible to hack into someone else's car and take control - video screencap

When meeting a duo of computer hackers for the very first time, we imagine hearing the words “We want to convince you that we can hurt you – without hurting you,” is bound to release the hounds of anxiety upon your mental makeup. At least, it would ours. And it’s those words, uttered by Charlie Miller and Chris Valasek to Forbes staff reporter Andy Greenberg, that introduce us to the reality that modern-day cars can indeed be hacked.

The next frightening step down the rabbit hole, which is outlined in the video below, involves entering into a Toyota Prius that looks like a science project gone wrong – missing dash, wires hanging down and a laptop computer hiding in the back seat. It’s kind of like being a human marionette puppet with the strings held high above by Dr. Frankenstein’s tech-geeky grandson. In other words, “Are you guys both buckled up?” is no longer a friendly safety-minded reminder, it’s a scared-for-my-life requirement.

See how these two hackers earned a bunch of money from the US government trying to hack into a couple of cars in the video below. And keep your tinfoil hats close by.

Continue reading Watch how hackers can take control of your car

Watch how hackers can take control of your car originally appeared on Autoblog on Wed, 24 Jul 2013 16:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Continue reading “Video: Watch how hackers can take control of your car”