Welcome to Tesla Motors Club
Discuss Tesla's Model S, Model 3, Model X, Model Y, Cybertruck, Roadster and More.
Register

Safe use of 3rd party apps?

This site may earn commission on affiliate links.
with the recent so-called "hack" of Tesla accounts supposedly via compromising user passwords and maybe less well designed apps, what is the best practice (other than don't!) for using 3rd party apps.
What should you look for in the way the app is designed, and what is the safest method to obtain a key, particularly now Tesla have further updated the security?
In fact should Tesla produce owner guidelinesfor 3rd party apps, and even a form of certification process?
 
I can't speak to that specifically, but generally I don't understand why people give a 3rd party their credentials to anything. You have no idea what that 3rd party's security is like. Hell, they might not even be storing your username and password with any encryption at all. You also don't know how many fukkos have access to their servers. I've worked with some real shitheads that read customer email as entertainment. And then gossip about it outside of work.
 
  • Like
Reactions: nurusz
At the heart of this exploit was nothing more than the age old issue of the user failing to change the default admin password.

TeslaMate is a self-hosted internet connected application that communicates with your car to collect data. The guy ran port scans over ranges of IP addresses looking to see if he could find any listening on the port that TeslaMate uses. When he found one, he tried the default admin password, and in 25 cases he found people who had not changed the password during installation.

(I should mention when something is self-hosted, that means you are responsible for all security)