http://www.autoblog.com/2013/08/25/tesla-model-s-vulnerable-hackers/
By Damon Lowney
AutoBlog
Aug 25th 2013
Next time you walk by a parked Tesla and its sunroof is opening and
closing with nobody sitting inside or around it, you could be witnessing a
hacker moment. For all of its strengths as a car, the Model S reportedly
has a weak spot: the security of its API (application programming
interface) authentication, according to an article in the O'Reilly
Community by George Reese, executive director of cloud management at Dell.
Tesla develops and uses its own API authentication protocols, which have
made access to certain Model S functions too easy for hackers, says Reese,
himself a Model S owner.
At issue is the Tesla REST API, which is accessed via a web-based
portal, usually by Model S owners with their iPhone or Android-based
smartphone, to perform a variety of menial tasks and check the status of
the car. The Tesla-registered e-mail and password of the car owner are used
to access the API through a web portal, which creates a "token" that lasts
for three months. During that period, owners access the Tesla REST API via
the token without the use of their log-in information. Unfortunately, the
tokens and their respective cars are stored on website databases that are
all too easy to hack, Reese explains, and if a hacker gains access, "it
has free access to all of that site's cars for up to three months with no
ability for the owners to do anything about it." On top of that, there is
no way to revoke access of a compromised application.
[...]