SINGAPORE - Tesla Motors Inc's electric vehicles can be located and unlocked by criminals remotely simply by cracking a six-character password using traditional hacking techniques, according to newly released research.
Nitesh Dhanjani, a corporate security consultant, Tesla owner and author of books on hacking, said at a conference in Singapore last Friday that he recently conducted a study of the Tesla Model S sedan and found several design flaws in its security system. He said his review did not uncover any hidden software vulnerabilities in the car's major systems.
|
 |
|
|
Dhanjani said he has passed on his findings to Tesla.
Tesla spokesman Patrick Jones declined to comment on Dhanjani's findings, though he said that the carmaker does carefully review research it receives from security experts.
"We protect our products and systems against vulnerabilities with our dedicated team of top-notch information security professionals, and we continue to work with the community of security researchers and actively encourage them to communicate with us through our responsible reporting process," Jones said via email.
Tesla's Model S car can only be driven when a key fob is present, but it can be unlocked via a command to the car transmitted wirelessly over the Internet, according to Dhanjani.
If a password is stolen or cracked, someone could locate and gain access to the car and steal its contents, but not drive it, Dhanjani said.
Users are required to set up an account secured by a six-character password when they order the car. This password is used to unlock a mobile phone app and to gain access to the user's online Tesla account.
The freely available mobile app can locate and unlock the car remotely, as well as control and monitor other functions. The password is vulnerable to several kinds of attacks similar to those used to gain access to a computer or online account, Dhanjani said.
Copyright 1995 - . All rights reserved. The content (including but not limited to text, photo, multimedia information, etc) published in this site belongs to China Daily Information Co (CDIC). Without written authorization from CDIC, such content shall not be republished or used in any form. Note: Browsers with 1024*768 or higher resolution are suggested for this site.
License for publishing multimedia online 0108263 Registration Number: 20100000002731 
