Kraken
Member
Same one everyone else has had... This is FUD to an extent. It doesn't let you drive the car, only unlock the doors. You could accomplish the same thing much quicker with a large rock to the window.
-
Want to remove ads? Register an account and login to see fewer ads, and become a Supporting Member to remove almost all ads.
Stolen Model S?
- Thread starter brianstorms
- Start date
-
- Tags
- Driving Dynamics Model S
The article says:
"Tesla's Model S car can only be driven when a key fob is present, but it can be unlocked via a command to the car transmitted wirelessly over the Internet, according to Dhanjani.
If a password is stolen or cracked, someone could locate and gain access to the car and steal its contents, but not drive it, Dhanjani said."
That seems accurate.
"Tesla's Model S car can only be driven when a key fob is present, but it can be unlocked via a command to the car transmitted wirelessly over the Internet, according to Dhanjani.
If a password is stolen or cracked, someone could locate and gain access to the car and steal its contents, but not drive it, Dhanjani said."
That seems accurate.
Raffy.Roma
Rome (Italy)
Agree. I have been told the same thing in another thread of TMC. It looks like many people in the USA are ready to attack Tesla.
What's the reason? Envy?
strider
Active Member
No different than your bank account - only as secure as your password. The challenge for someone trying to steal your car would be how to associate your VIN to your e-mail address which is was you use to log in to the app.
If you are nervous then disable remote access. End of vector.
I'm not trying. Also, I'm not actually into cracking. If you really, really want me to, I suppose I could start working through my contacts who are into cracking and see if I can get your car cracked.... I'm sure someone would take on the challenge and get it done eventually.
Though if you really want your car cracked, issue a public challenge in a prominent place, to attract the attention of the really good crackers, who I don't know how to reach.
Please note, for reference, that I think Tesla is probably doing better than most other auto manufacturers. While it is clear that Tesla took little effort at software security, most auto manufacturers make NO efforts at ALL at software security. Little is better than none. Standards are just low in the auto industry.
I wouldn't worry about it unless you have a reason to expect someone is targeting you.
Last edited:
Exactly, this is self publicity and FUD. Anyone who owns a Tesla knows that you can unlock a tesla if you have the users login email address and the password. You hardly need to be a security expert to point that out. He apparently didn't identify any serious issues in the system so the real extent of this review is to provide additional fodder for journalists to parlay into negative articles. I was amused to hear that this expert is passing his research on to tesla who will no doubt be amazed to hear that you can access the car with a password - full sarcasm intended!
Putting aside that this is redundant information, what is the risk of having remote access? Well assuming that as with any password based system someone could find out the user ID and password, the best they can hope to attain from this is to get into the car without breaking glass or triggering the security system. Other than for purposes of pranking and or vandalism, this doesn't seem like a very rewarding pursuit. If people have valuables left in the car they are running a much greater risk that opportunistic criminals will smash and grab. Opportunistic criminals are hardly likely to see a car and then plot how to uncover the drivers login account when a brick will do the job and most people ignore car alarms. Hacking tends to be opportunistic in a different way but hackers would then have to follow round the car waiting for an opportunity. Presumably for hackers, gaining access to a bank account would be much more lucrative and requires less effort and risk. Ultimately I think tesla could and will add some security to this system, particularly if they start publishing the API. Ideally any new device that logs in could generate a warning email and possibly even require approval prior to being allowed to interact with the car. In the meantime, normal rules of caution should apply for managing login passwords and above all, don't leave valuables in the car.
HankLloydRight
No Roads
Something as simple as using two-factor authentication with Google Authenticator or sending a text to a cellphone would thwart most of these vectors and are pretty easy to implement.
Hopefully, if they do that, it will be an option. That's more security than I want in this case.
I think if each new device used for the car, required acknowledgment from the listed owner by sending an email with an authorize link, that would greatly reduce opportunistic hacking while only adding a small inconvenience to the users, only when setting up a new device. I don't think this needs to be as secure as bank accounts (which in Canada are relatively poorly protected IMHO) as there is little use to hacking it unless the hacker has access to the car - rules out many overseas hacking endeavours. There is some sense in having a few options being further protected by a pin code through the car touch screen, if the car has been unlocked remotely (without a key fob). The option to disable remote access should be one of those.
Now CNN has picked picked up the story about "hacking" the Model S:
Tesla car doors can be hacked - Mar. 31, 2014
Tesla car doors can be hacked - Mar. 31, 2014
"All it takes is cracking a six-character password" They can hack six character password until they've tried every single one, and it will not open my car. may password is more than 6 characters. Also since the only get 5 attempts, they would have to be pretty lucky.
Having said that. I would not mind an option to disallow unlocking via the remote app. It could still check charge level, start charging, flash lights, locate the car, etc, but just disable remote unlock via the app. I've never actually needed that anyway, but I did not want to turn off remote access for the other features.
Along those lines, for valet purposes I'd love to have a PIN requirement for disabling remote control from inside car.
Internet warning...........FWIW
POLICE Warning
>
> This is the new thing these days with people out of work and needing cash. Beware, it's headed our way.
> Warning..! Warning..! Warning..!
>
> Just last weekend on Friday night we parked in a public parking area. As we drove away I noticed a sticker on the rear window of the car. When I took it off after I got home, it was a receipt for gas.. Luckily my friend told me not to stop as it could be someone waiting for me to get out of the car.. Then we received this email yesterday:
>
> WARNING FROM POLICE
>
> THIS APPLIES TO BOTH WOMEN AND MEN
>
> BEWARE OF PAPER ON THE BACK WINDOW OF YOUR VEHICLE--NEW WAY TO DO CARJACKINGS (NOT A JOKE)
>
> Heads up everyone! Please, keep this circulating.. You walk across the parking lot, unlock your car and get inside. You start the engine and shift into reverse..
>
> When you look into the rearview mirror to back out of your parking space, you notice a piece of paper stuck to the middle of the rear window. So, you shift into Park, unlock your doors, and jump out of your car to remove that paper (or whatever it is) that is obstructing your view. When you reach the back of your car, that is when the carjackers appear out of nowhere, jump into your car and take off. They practically mow you down as they speed off in your car.
>
> And guess what, ladies? I bet your purse is still in the car.
>
> So now the carjacker has your car, your home address, your money, and your keys. Your home and your whole identity are now compromised!
>
> BEWARE OF THIS NEW SCHEME THAT IS NOW BEING USED.
>
> If you see a piece of paper stuck to your back window, just drive away. Remove the paper later. And be thankful that you read this e-mail. I hope you will forward this to friends and family, especially to women. A purse contains all kinds of personal information and identification documents, and you certainly do NOT want it to fall into the wrong hands.
> Please keep this going and tell all your friends
POLICE Warning
>
> This is the new thing these days with people out of work and needing cash. Beware, it's headed our way.
> Warning..! Warning..! Warning..!
>
> Just last weekend on Friday night we parked in a public parking area. As we drove away I noticed a sticker on the rear window of the car. When I took it off after I got home, it was a receipt for gas.. Luckily my friend told me not to stop as it could be someone waiting for me to get out of the car.. Then we received this email yesterday:
>
> WARNING FROM POLICE
>
> THIS APPLIES TO BOTH WOMEN AND MEN
>
> BEWARE OF PAPER ON THE BACK WINDOW OF YOUR VEHICLE--NEW WAY TO DO CARJACKINGS (NOT A JOKE)
>
> Heads up everyone! Please, keep this circulating.. You walk across the parking lot, unlock your car and get inside. You start the engine and shift into reverse..
>
> When you look into the rearview mirror to back out of your parking space, you notice a piece of paper stuck to the middle of the rear window. So, you shift into Park, unlock your doors, and jump out of your car to remove that paper (or whatever it is) that is obstructing your view. When you reach the back of your car, that is when the carjackers appear out of nowhere, jump into your car and take off. They practically mow you down as they speed off in your car.
>
> And guess what, ladies? I bet your purse is still in the car.
>
> So now the carjacker has your car, your home address, your money, and your keys. Your home and your whole identity are now compromised!
>
> BEWARE OF THIS NEW SCHEME THAT IS NOW BEING USED.
>
> If you see a piece of paper stuck to your back window, just drive away. Remove the paper later. And be thankful that you read this e-mail. I hope you will forward this to friends and family, especially to women. A purse contains all kinds of personal information and identification documents, and you certainly do NOT want it to fall into the wrong hands.
> Please keep this going and tell all your friends
EarlyAdopter
Active Member
Similar threads
