Tesla electric cars vulnerable to remote unlocking hack, researchers say

Security experts have discovered that Tesla electric vehicles are easily hackable and can be locked and unlocked remotely by cyberattackers.

The Internet of Things and connected devices have caused concern for security experts, and the latest issue to come to light is no exception: the ease in which electric cars can be broken in to.

At the Black Hat Asia cybersecurity conference in Singapore on Friday, corporate security consultant Nitesh Dhanjani revealed that his recent research revealed an appalling finding: Tesla electric cars are vulnerable to simple, traditional hacking techniques.

Dhanjani used the Tesla Model S sedan as a test case for finding flaws that cybercriminals could exploit. The researcher found that by cracking a single password, he was able to lock and unlock the car remotely.

A key fob, or keychain, is needed to transmit a wireless signal over the Internet to the smart vehicle, unlocking the car as the owner sees fit. However, if this key -- a single 6-digit password -- is hijacked, stolen, or hacked through traditional cracking, the criminal has the tools necessary to enter the EV and steal its contents -- although they cannot drive it using only this technique.

The same password is used to sign up to a Tesla account when a car is purchased, and the Tesla website has no limit on incorrect login attempts, which makes password hunting easier for a hacker. In a world where the most common passwords include 'qwerty,' 'ninja,' and 'jesus,' this does not bode well for the general public. 

Dhanjani said:

"The password is vulnerable to several kinds of attacks similar to those used to gain access to a computer or online account. It's a big issue where a $100,000 car should be relying on a six-character static password."

Read on: The Hacker News

Image credit: Tesla

This post was originally published on Smartplanet.com


You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All