A corporate security consultant says the Tesla Model S can be located and unlocked remotely using nothing more than a six-character password and basic hacking techniques.
Hacking expert and Tesla owner Nitesh Dhanjani told the Black Hat Asia conference in Singapore last week he found several flaws in the security system of his Model S sedan during his own investigation into the car.
“We cannot be protecting our cars in the way we protected our [computer] workstations, and failed,” Dhanjani said, as reported by Reuters.
He said a six-character password could allow a criminal to locate and open a Tesla Model S and steal any contents inside, though said the key fob was required to drive the vehicle.
All Tesla owners are required to submit a six-character password when they purchase their cars. The password is used to unlock a smartphone app, providing access to the owner’s online account, through which the car can be remotely located and unlocked.
Dhanjani said there is no limit on the number of incorrect login attempts on the app, meaning criminals can guess any password through trail and error.
Dhanjani passed on the results of his investigation to Tesla.
In response, Tesla spokesman Patrick Jones told Reuters the car maker takes security threats seriously and reviewed research submitted by experts.
“We protect our products and systems against vulnerabilities with our dedicated team of top-notch information security professionals, and we continue to work with the community of security researchers and actively encourage them to communicate with us through our responsible reporting process,” Jones said.
The Tesla Model S is set to go on sale in Australia in the coming months.