Tesla Model S vulnerable to hackers?

[InfoSec News <alerts () infosecnews org>]

http://www.autoblog.com/2013/08/25/tesla-model-s-vulnerable-hackers/

By Damon Lowney
AutoBlog
Aug 25th 2013

Next time you walk by a parked Tesla and its sunroof is opening and 
closing with nobody sitting inside or around it, you could be witnessing a 
hacker moment. For all of its strengths as a car, the Model S reportedly 
has a weak spot: the security of its API (application programming 
interface) authentication, according to an article in the O'Reilly 
Community by George Reese, executive director of cloud management at Dell. 
Tesla develops and uses its own API authentication protocols, which have 
made access to certain Model S functions too easy for hackers, Reese says 
- himself a Model S owner.

At question is the Tesla REST API, which is accessed via a web-based 
portal, usually by Model S owners with their iPhone or Android-based 
smartphone, to perform a variety of menial tasks and check the status of 
the car. The Tesla-registered e-mail and password of the car owner is used 
to access the API through a web portal, which creates a "token" that lasts 
for three months. During that period, owners access the Tesla REST API via 
the token without the use of their log-in information. Unfortunately, the 
tokens and their respective cars are stored on website databases that are 
all too easy to hack, Reese explains, and if a hacker gains access, "it 
has free access to all of that site's cars for up to three months with no 
ability for the owners to do anything about it." On top of that, there is 
no way to revoke access of a compromised application.

[...]



--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/