A spot of troubling news today for any of you who happen to own one of the high-tech Tesla electric cars: according to hobbyist hacker Nitesh Dhanjani, the doors aren’t even remotely secure.
Tesla owners must create a password-protected online account, which lets them use a smartphone app to access car locks, locate a car, and also see how much its batteries are charged. A single password gives complete access to an account, which is a problem, according to Dhanjani.
He also found that Tesla’s website didn’t lock users out even if someone typed several incorrect passwords. That opens up the site to what’s known as “brute-force attacks,” where a computer tries thousands of passwords per second until it breaks in. On Monday afternoon, Tesla updated its requirements, locking out users after five incorrect attempts, Dhanjani said. Tesla did not immediately respond to a request for comment.
Well…at least Tesla quietly fixed the problem, even if it’s a bit disgraceful they’ve not bothered to comment on it. A lack of transparency will get you nowhere in the business world.