Authentication Flaw in Tesla Model S Opens Door to Hackers, Researcher Says
George Reese, a Senior Distinguished Engineer and Executive Director of Cloud Computing at Dell, says the authentication system in the Tesla Model S car’s API has a vulnerability that hackers could use to remotely control some functions of the car.
Drivers of the Tesla electric car can remotely trigger some actions in their car if they log into https://portal.vn.teslamotors.com/vehicles and register on the portal.
With a dedicated API, Tesla drivers can check the battery charge from a distance, access the climate control or the panoramic sunroof, locate the car, honk the horn or open the charge port.
Reese lists the following problems with the API's authentication:
- It cannot safely operate over any channel but a trusted SSL connection (minor)
- It requires the sharing of the user’s password with third parties (major)
- No mechanism exists for cataloging applications with active tokens (significant)
- No mechanism exists for revoking the access of a compromised application (major)
- The automated expiration of tokens in 3 months encourages applications to improperly store your email and password (significant)
Logging into that account requires a token that is valid for three months. Anyone who can log in can remotely access some functions of a car. Given the restricted set of actions available through this API, it is clear that no unauthorized person can take complete control of the car or cause an accident.
The damage is rather economic. “I can target a site that provides value-added services to Tesla owners and force them to use a lot more electricity than is necessary and shorten their battery lives dramatically. I can also honk their horns, flash their lights, and open and close the sunroof. While none of this is catastrophic, it can certainly be surprising and distracting while someone is driving.”
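The three structural problems Reese lists (password sharing with third parties, no catalog of applications holding tokens, no way to revoke one application) can be contrasted with a per-application token issuer. The following is an added illustration, not Tesla's code or Reese's; the class, its methods and the sample account and application names are assumptions constructed for the example.

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone

# Hypothetical issuer of per-application tokens (illustration, not Tesla's
# code). The third-party app never sees the owner's password, the owner can
# list which apps hold live tokens, and one app can be revoked on its own.
class TokenIssuer:
    def __init__(self, lifetime=timedelta(days=90)):
        self.lifetime = lifetime
        self._tokens = {}  # sha256(token) -> record; raw tokens never stored

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, owner, app, now=None):
        # The owner logs in to the portal directly; only the resulting
        # token is handed to the third-party app, bound to that app's name.
        now = now or datetime.now(timezone.utc)
        token = secrets.token_urlsafe(32)
        self._tokens[self._digest(token)] = {"owner": owner, "app": app,
            "expires": now + self.lifetime, "revoked": False}
        return token

    def validate(self, token, now=None):
        now = now or datetime.now(timezone.utc)
        rec = self._tokens.get(self._digest(token))
        if rec is None or rec["revoked"] or now >= rec["expires"]:
            return None
        return rec["owner"]

    def catalog(self, owner, now=None):
        # Which apps currently hold a usable token for this owner.
        now = now or datetime.now(timezone.utc)
        return sorted(r["app"] for r in self._tokens.values()
                      if r["owner"] == owner and not r["revoked"]
                      and now < r["expires"])

    def revoke(self, owner, app):
        # Cut off one compromised app; returns how many tokens were revoked.
        hits = [r for r in self._tokens.values()
                if r["owner"] == owner and r["app"] == app and not r["revoked"]]
        for r in hits:
            r["revoked"] = True
        return len(hits)

DEMO_NOW = datetime(2013, 8, 1, tzinfo=timezone.utc)  # constructed sample time
DEMO_AFTER_EXPIRY = DEMO_NOW + timedelta(days=90)
```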