Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Hacked passwords can enable remote unlocking, tracking of Tesla cars

From: InfoSec News <alerts () infosecnews org>
Date: Wed, 2 Apr 2014 05:24:05 +0000 (UTC)
http://www.networkworld.com/news/2014/040114-hacked-passwords-can-enable-remote-280268.html

[There was a good tweet about solving this problem now with a simple fix
https://twitter.com/justinlundy_/status/449759008253964288  - WK]


By Lucian Constantin
IDG News Service
April 01, 2014
Tesla Motors accounts are protected only by simple passwords, making it easy for hackers to potentially track and unlock cars, according to a security researcher.
Tesla Model S owners need to create an account on teslamotors.com when they order their cars and the same account allows them to use an iOS app to remotely unlock the car's doors, locate it, close and open its roof, flash its lights or honk its horn.
Despite providing access to important car features, these accounts are only protected by a password with low-complexity requirements -- six characters long and at least one number and one letter -- a security researcher named Nitesh Dhanjani said Friday in a blog post.
The Tesla Motors site also doesn't seem to have an account lockout policy based on incorrect log-in attempts, which makes accounts registered on the site susceptible to brute-force password guessing attempts, Dhanjani said. 

[...]



--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/
Previous By Date Next
Previous By Thread Next

Current thread: