Tesla has toughened the Model S’ underbody to help prevent any more fires, but apparently it needs to add some reinforcement to its network features too. An enterprising hacker can’t quite drive one of the electric vehicles away (they’d need a key fob to start the car), but holes in the auto’s security apparently allow a ne’er-do-well to locate the vehicle, unlock its doors and steal your belongings. As Tesla owner and corporate security consultant Nitesh Dhanjani tells it, this “low-hanging fruit” can be picked by brute-force attacking Tesla’s relatively weak one-factor password system, exploiting loopholes in the iOS app’s API and by accessing the ride’s network-interface jack under the dashboard. Thankfully, he found that the Model S’ major systems were safe from attack.
Dhanjani’s submitted his findings to Musk and Co. and he advises current owners to take the precautions he’s outlined to heart, specifically warning against using third-party apps. Tesla didn’t respond directly to his concerns, but a spokesman has toldReuters that the company carefully reviews research provided by the security community.