Information Security News mailing list archives
Hacked passwords can enable remote unlocking, tracking of Tesla cars
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 2 Apr 2014 05:24:05 +0000 (UTC)
http://www.networkworld.com/news/2014/040114-hacked-passwords-can-enable-remote-280268.html [There was a good tweet about solving this problem now with a simple fix https://twitter.com/justinlundy_/status/449759008253964288 - WK] By Lucian Constantin IDG News Service April 01, 2014Tesla Motors accounts are protected only by simple passwords, making it easy for hackers to potentially track and unlock cars, according to a security researcher.
Tesla Model S owners need to create an account on teslamotors.com when they order their cars and the same account allows them to use an iOS app to remotely unlock the car's doors, locate it, close and open its roof, flash its lights or honk its horn.
Despite providing access to important car features, these accounts are only protected by a password with low-complexity requirements -- six characters long and at least one number and one letter -- a security researcher named Nitesh Dhanjani said Friday in a blog post.
The Tesla Motors site also doesn't seem to have an account lockout policy based on incorrect log-in attempts, which makes accounts registered on the site susceptible to brute-force password guessing attempts, Dhanjani said.
[...] -- Subscribe to InfoSec News http://www.infosecnews.org/subscribe-to-infosec-news/
Current thread:
- Hacked passwords can enable remote unlocking, tracking of Tesla cars InfoSec News (Apr 01)