http://www.networkworld.com/news/2014/040114-hacked-passwords-can-enable-remote-280268.html
[There was a good tweet about solving this problem now with a simple fix
https://twitter.com/justinlundy_/status/449759008253964288 - WK]
By Lucian Constantin
IDG News Service
April 01, 2014
Tesla Motors accounts are protected only by simple passwords, making it
easy for hackers to potentially track and unlock cars, according to a
security researcher.
Tesla Model S owners need to create an account on teslamotors.com when
they order their cars and the same account allows them to use an iOS app
to remotely unlock the car's doors, locate it, close and open its roof,
flash its lights or honk its horn.
Despite providing access to important car features, these accounts are
only protected by a password with low-complexity requirements -- six
characters long and at least one number and one letter -- a security
researcher named Nitesh Dhanjani said Friday in a blog post.
The Tesla Motors site also doesn't seem to have an account lockout policy
based on incorrect log-in attempts, which makes accounts registered on the
site susceptible to brute-force password guessing attempts, Dhanjani said.
[...]
--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/
