Tesla Hacked at Security Contest

Tuesday, July 22, 2014 @ 12:07 PM gHale


Tesla Motors Inc.’s Model S sedan is the target of a hacking contest in Beijing and one security company discovered a way to remotely control the car’s horn, locks, headlights and skylight.

Qihoo 360 Technology Co. is the firm that found the vulnerabilities and can control the car while it is in motion, the Beijing-based Internet security company said. Wu Jing, a director of investor relations for the company, said its information technology department conducted the experiment.

RELATED STORIES
Tesla’s not Hack Proof
Tesla to Contest Safety Fines
Engineer gets 15 Years for Espionage
Two Guilty of Stealing Trade Secrets

“While Tesla is not associated with the conference and is not a sponsor of the competition, we support the idea of providing an environment in which responsible security researchers can help identify potential vulnerabilities,” the Palo Alto, CA-based Tesla said in a Bloomberg report. “We hope that the security researchers will act responsibly and in good faith.”

In addition, Tesla said it will investigate and rectify any vulnerabilities discovered.

Tesla’s Chief Executive Elon Musk said last month the automaker’s patents will be “open source” and available at no charge as it seeks to expand adoption of electric cars. On top of that the company started delivering vehicles to China in April and Musk said its sales volume in the country may match that of the U.S. as early as 2015.

The carmaker asked security researchers to report potential vulnerabilities in accordance with its policy and not to hack its website, servers and networks.

The SyScan +360 conference is offering $10,000 to anyone who successfully hacks into the Model S, according to its website.

This is not the first time Tesla looked at hacking issues.

In April, ISSSource reported by obtaining a password set when registering an online account on the company’s website, hackers can get into a Tesla electric vehicles.

The online account created by owners enables them to control the car from their iPhones. They can lock and unlock the car, flash the lights, honk the horn, change its status and track its location, said corporate security consultant and Tesla owner Nitesh Dhanjani.

While they wouldn’t be able to start the car, individuals with access to the password could track it down, unlock it and take what is inside.

The password set by Tesla owners when they create an account is six characters long, and it must contain at least one number and one letter.

This makes the password easy to obtain with brute-force attacks. Since it’s only 6 characters long, it’s not difficult to crack. Furthermore, there are no account lockout policies for incorrect login attempts.



Leave a Reply

You must be logged in to post a comment.