SammichLover
Banned
That comes off as sorta judgey about people's recreational choices.I don't know, butt you'd definitely want to have to want get into the car.
You can install our site as a web app on your iOS device by utilizing the Add to Home Screen feature in Safari. Please see this thread for more details on this.
Note: This feature may not be available in some browsers.
That comes off as sorta judgey about people's recreational choices.I don't know, butt you'd definitely want to have to want get into the car.
The vector the video is talking about is spoofing a login screen to get you to enter your credentials. They don't need to interact with the app at all except on their end when they use your stolen credentials in a valid version of the app to unlock your car.True - but the vector here would be to spoof Tesla's service endpoints that the app talks too and use a MITM proxy. Luckily, all this is mitigated by a lot of clever handshaking between the App, Tesla's services, and the car.
What about signing on via a browser on the mobile phone via LTE?
The best solution to prevent this from happening is to not allow the use of your Tesla credentials to validate pint to drive. .
True. It would be a good idea to use an email without andBecause it would be made to look exactly like Tesla.com. Many (not all) people would be fooled into entering their password.
But even without this hack, for people who reuse their passwords, someone can just try to log into Tesla.com using publicly available lists of emails/passwords. One they succeed, they can locate the car and steal it.
This is a very real security issue.
lol looks weird.
Really?I'm really just waiting for Teslafi, Stats, Commands, whatever stupid BS app people are using to 'monitor' their cars to get hacked. Lots of Tesla's will go missing and then Tesla will add MFA.
You must have a different version of the app, or I'm just not seeing it. Where can you disable pin to drive in the app?Since you can disable PIN to drive from the app that doesn't help at all.
You must have a different version of the app, or I'm just not seeing it. Where can you disable pin to drive in the app?
Good thing I was on my couch because I probably would fallen off my chair laughing.
Tesla Mother Frunker @MFrunker 9h9 hours ago
Replying to @elonmusk@Tesla
Can we get two step verification for our @Tesla accounts? It would improve security greatly.
Elon MuskVerified account @elonmusk1h1 hour ago
Yes
mobile phone via LTE?
as the one that it was supposed to remember.
I like Ben Sullen's videos, but this "dramatic reenactment" is not really a realistic, IMHO.
You are correct its a dramatization. You better believe the next Library or Chipotle your in some person has one in his backpack and is working the room for his college assignment. Probably not for college.
But, nobody else has gone to the trouble to do the dramatization either.
So here we all are looking at the elephant in the room we knew existed and getting smarter about how we interact daily with our devices and our car. I think it helps and really the whole referral thing is over for now so his motives are pretty darn clean. Please tell me if I am off base here?
Pineapples have been in existence for quite some time. Amazon has one for US$59. Thats the problem here, "internet regulation".
Facebook on and on. Laws need to be enacted to "protect the innocent". Remember Dragnet.?
Now its the Internet.
As an example, I don't think you can read your charging history via the app? I've wanted to look at that occasionally when I'm on the road, value in that (I have no interest in going down the "need" pedantry rabbit hole), so I've logged into my Tesla account via my phone. It isn't the best experience, the page isn't really sized for it, but it did work when I used it.Still waiting for someone to explain why anyone ever needs to use their phone to log into the tesla.com website at a Chipolte. Ever.
Anybody?
The app isn't spoofable like the website is.
(neither is the website if you pay enough attention to look for https, but again why do you ever "need" to log into a website on your phone at chipolte?)
As an example, I don't think you can read your charging history via the app? I've wanted to look at that occasionally when I'm on the road, value in that (I have no interest in going down the "need" pedantry rabbit hole), so I've logged into my Tesla account via my phone. It isn't the best experience, the page isn't really sized for it, but it did work when I used it.
Of course I don't use wifi anywhere but home.
What I'm not clear on is how this sort of attack is the low hanging fruit compared to jacking other vehicles. The Model 3 in particular isn't that expensive.
That's not how tokens work. Best practice is:I'm really just waiting for Teslafi, Stats, Commands, whatever stupid BS app people are using to 'monitor' their cars to get hacked. Lots of Tesla's will go missing and then Tesla will add MFA.