Tesla Motors' (NASDAQ:TSLA) Model S is one of the highest-tech cars on the road today. But it could also be the most vulnerable to hackers. Connected cars such as the all-electric Model S are exciting for a number of reasons, including vehicle-to-vehicle communication that makes driving safer or servicing your car remotely using a Wi-Fi connection. However, new research suggests that breaking into one of Tesla's EVs is as simple as hacking an eight-letter password.
A real hack job
The Model S comes equipped with high-speed features including its own hot spot for Internet connectivity on the go and a mobile iOS app. Tesla owners can directly communicate with their cars from anywhere using the iPhone application. This means that they can use their smartphones to pinpoint the precise location of their cars, honk the horn, and even remotely unlock the doors. While this creates an added level of convenience for the driver, it also raises some security concerns.
Car hacking is a growing concern today as more connected cars hit the road. However, little has been done thus far to address the issue. Tesla's top-rated safety scores, for example, don't take into account the probability of someone locating your vehicle through the mobile app, and breaking into the car by unlocking its doors.
Security researcher Nitesh Dhanjani sees this as a real threat to Tesla owners everywhere. A hacker only needs an eight-character password to access a Model S. "The use of just a password is known as single-factor authentication, and it's an absolute no-no in the security industry if you're protecting absolutely anything of value," according to ExtremeTech.
On top of this, Tesla's mobile app won't lock out a user after a series of incorrect log-in attempts. This could make it easier for potential hackers to try an unlimited number of password combinations. While this hasn't proven to be a problem for Tesla drivers yet, it presents a real-world risk that shouldn't be understated. It would be relatively easy for Tesla to get ahead of this, before any potential attacks happen.
For starters, the EV maker could require two-factor authentication instead of its current setup, which just asks for a user's password. Also, requiring drivers to enter a pin number, or a similar second security step, in its iOS app would help safeguard against hackers, and thereby add a second level of authentication to the process of logging in.
Ultimately, this isn't something that would convince would-be Tesla drivers to opt for other connected cars, but it is something that every driver needs to be aware of as connected driving goes mainstream.
The era of connected cars is here to stay
Thanks to technological advances and more affordable network chips, more connected cars are on the roads today than ever before. Yet, as our cars become networked devices, there is a greater risk of security breaches for drivers everywhere. Ultimately, technological hacking is inevitable and it isn't limited to cars. The so-called "Internet of Things" is transforming everything from our cars to our homes into networked devices, and this brings some degree of risk to the situation.
The thing for consumers to do now is to beef up their passwords. This means not using the same password across multiple accounts. It is also good practice to limit the number of third-party apps you use to access certain devices. For example, Model S drivers should only use the Tesla Motors iOS app and not other apps that might interface with their vehicles.