The car door security system of Tesla Motors Inc (NASDAQ:TSLA) is vulnerable to hackers, and they can use the same technique to access computers, according to a security researcher.
In a blog post, security researcher Nitesh Dhanjani discussed his findings on the weakness of the door security system of vehicles made by Tesla Motors Inc (NASDAQ:TSLA). According to him, all it takes to open the doors of the electric car is to crack the six-character password, which experts in the cyber security industry consider low-hanging fruit.
Six-character password a problem
According to Dhanjani, consumers are required to register an account on the website of Tesla Motors Inc (NASDAQ:TSLA) to order a Model S vehicle. A new user account requires a six-character password, which could lead to the car being located and unlocked through malware, phishing, brute-force attacks, and password leaks.
He noted that once the Model S car is delivered, the owner can use an iOS app to control the electric car, including unlocking it and checking its location and battery status. He emphasized that the problem is that a single password provides access to the owner’s account.
No lock-out policy
He found that Tesla Motors Inc (NASDAQ:TSLA) seemed to have no account lockout policy for incorrect login attempts, which could put owners at risk. According to him, hackers could use brute force to gain access to the iOS functionality. Since a password is the only requirement to control the app, Dhanjani said hackers could use phishing attacks to steal credentials.
In addition, he emphasized that future generations of malware will likely pick up static 1-factor passwords to vehicles such as the Model S and transmit them to botnet herders, providing substantial access to locate and control vehicles. Furthermore, Dhanjani pointed out that users tend to reuse their passwords on other services, which could allow hackers to use the same password to hack the iOS app and the website of Tesla Motors Inc (NASDAQ:TSLA).
Dhanjani discovered the vulnerability after testing the security system of his own Model S car, which he bought three weeks ago. He submitted 150 wrong passwords consecutively, and the system did not lock him out.
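An added example, not code from Dhanjani's post or from Tesla: a per-account lockout policy with exponential backoff, replayed against 150 consecutive wrong passwords like the test described above. The account name and the policy values (5 free attempts, 30-second base lock, one-hour cap) are assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass
class AccountState:
    failures: int = 0          # consecutive failed attempts
    locked_until: float = 0.0  # time (seconds) before which logins are refused


class LoginThrottle:
    """Per-account lockout with exponential backoff (policy values are assumptions)."""

    def __init__(self, free_attempts=5, base_lock=30.0, max_lock=3600.0):
        self.free_attempts = free_attempts  # failures allowed before the first lock
        self.base_lock = base_lock          # first lock duration in seconds
        self.max_lock = max_lock            # upper bound on any single lock
        self._accounts = {}

    def attempt(self, account, password_ok, now):
        """Return 'ok', 'denied' or 'locked' for one login attempt at time `now`."""
        state = self._accounts.setdefault(account, AccountState())
        if now < state.locked_until:
            # Refused before the password is even compared, so a guess made
            # during the lock window tells the guesser nothing.
            return "locked"
        if password_ok:
            state.failures = 0
            return "ok"
        state.failures += 1
        over = state.failures - self.free_attempts
        if over >= 0:
            # Each further failure doubles the lock, up to max_lock.
            lock = min(self.base_lock * 2 ** over, self.max_lock)
            state.locked_until = now + lock
        return "denied"


def simulate(throttle, attempts=150, interval=1.0):
    """Replay `attempts` consecutive wrong passwords, one every `interval` seconds."""
    counts = {"denied": 0, "locked": 0}
    for i in range(attempts):
        # Constructed sample input: a hypothetical account, always a wrong password.
        result = throttle.attempt("owner@example.com", False, now=i * interval)
        counts[result] += 1
    return counts


if __name__ == "__main__":
    print(simulate(LoginThrottle()))
```

With this policy only 7 of the 150 guesses are ever compared against the password; the other 143 are refused while the account is locked. A lock keyed on the account alone also lets anyone lock the owner out, so it is normally paired with per-source throttling and a second factor.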
“The Tesla Model S is a great car and a fantastic product of innovation. Owners of Tesla as well as other cars are increasingly relying on information security to protect the physical safety of their loved ones and their belongings. Given the serious nature of this topic, we know we can’t attempt to secure our vehicles the way we have attempted to secure our workstations at home in the past by relying on static passwords and trusted networks. The implications to physical security and privacy in this context have raised stakes to the next level,” said Dhanjani.
The shares of Tesla Motors Inc (NASDAQ:TSLA) closed at $208.45 per share, down by 1.85% on Monday. The risk management algorithm of Smartstops.net, a stock market risk management firm, showed that the equities of the electric car manufacturer are currently at an elevated risk.
Smartstops.net helps its members make wise decisions in trading stocks and protecting their investments by providing risk price points, which they can use in the next day’s trading, and by sending alerts when a stock hits an elevated risk state, indicating a high probability of a continued price decline. The firm’s risk management algorithms are a product of more than 40 years of stock market experience.