The Tesla Model S car needs more reinforced security technology or else it will be exploited. That’s according to Nitesh Dhanjani, a security consultant and author, that has drawn attention to flaws in the system that could allow a hacker to remotely locate the car and unlock the doors.
While the attacker would not be able to drive the car, the exploit provides a window for stealing the belongings inside it.
Dhanjani, who owns a Tesla car himself, is hoping that head honcho Elon Musk will take notice and act on the flaws asap. The exploit is remarkably simple for any savvy hacker to take advantage of as all that is need is to crack a six digit password to gain access.
While speaking at the Black Hat Asia security conference in Singapore, Dhanjani stated that “We cannot be protecting our cars in the way we protected our [computer] workstation”, drawing attention to the fact that the cars of the future will need their own level of security, instead of similar systems for phones and computers.
Are Tesla looking at more security issues?
He was also keen to point out other flaws in Tesla’s security such as a lack of lockout policy for incorrect login attempts and the iPhone app’s vulnerability to phishing attacks.
“In addition to these issues, it is widely known amongst Tesla owners that Tesla customer service has the ability to unlock cars remotely,” he wrote. “It is unclear what consistent requirements owners have to go through to verify their identity. Without clear requirements, it is possible that a malicious entity may be successful in social engineering Tesla customer service to unlock someone else’s car.”
He added: “It is also unclear what background checks Tesla employees are subject to prior to be given the power to unlock any Tesla car.”
Tesla have yet to address these concerns in any concrete way but have stated that they use “top-notch information and security professionals”.