The only thing standing between a hacker and a $ 100,000 Tesla is a password of 6 characters, says Nitesh Dhanjani , author of several books on hacking and own a Tesla, at the Black Hat security conference in Singapore Asia. Dhanjani found several design flaws in the security system of the Tesla Model S sedan.
He found no vulnerabilities in the main system and its findings forwarded to Tesla.
Dhanjani states that if your password is stolen or hacked be. Thus easily traced the location of the car.
The car can be opened and belongings in the car to be stolen. To actually start the car does need a key.
When the car is ordered, the user creates an account which is only protected by a password of 6 characters. This password is used for the mobile app and the Tesla online account. The freely available app can determine the location of the car but also certain features of the car monitor and manage. The password is vulnerable to attack the usual methods that are used to gain access. To a computer or online account Thus, it is possible to guess the password, for example, via the website Tesla, as it permits an unlimited number of log-in attempts. "It is quite something when a car of $ 100,000 is only protected by a password of 6 characters" says Dhanjani.
Tesla would not comment on the findings of Dhanjani but spokesman Patrick Jones gave an e-mail to the findings of security researchers to observe and investigate further. Extremely seriously "Together with our team of top-notch security professionals protect our products and systems against vulnerabilities. We also work together with the community of security researchers and encourage them to communicate with us."
He found no vulnerabilities in the main system and its findings forwarded to Tesla.
Dhanjani states that if your password is stolen or hacked be. Thus easily traced the location of the car.
The car can be opened and belongings in the car to be stolen. To actually start the car does need a key.
When the car is ordered, the user creates an account which is only protected by a password of 6 characters. This password is used for the mobile app and the Tesla online account. The freely available app can determine the location of the car but also certain features of the car monitor and manage. The password is vulnerable to attack the usual methods that are used to gain access. To a computer or online account Thus, it is possible to guess the password, for example, via the website Tesla, as it permits an unlimited number of log-in attempts. "It is quite something when a car of $ 100,000 is only protected by a password of 6 characters" says Dhanjani.
Tesla would not comment on the findings of Dhanjani but spokesman Patrick Jones gave an e-mail to the findings of security researchers to observe and investigate further. Extremely seriously "Together with our team of top-notch security professionals protect our products and systems against vulnerabilities. We also work together with the community of security researchers and encourage them to communicate with us."
No comments:
Post a Comment