2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S front 3/4 view

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S rear 3/4 view

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S front 3/4 view

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S rear 3/4 view

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S side view

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S front view

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S rear view

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S front 3/4 view

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S rear 3/4 view

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S headlight

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S logo

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S wheel

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S side marker

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S door handle

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S brake light

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S taillight

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S logo

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S logo

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S badge

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S badge

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S front cargo area

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S rear cargo area

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S interior

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S interior

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S interior

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S steering wheel

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S front seats

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S front seats

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S rear seats

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S digital display

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S digital display

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S steering wheel

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S steering wheel controls

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S steering wheel controls

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S dash

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S emergency button

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S center arm rest

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S touch screen

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S touch screen

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S touch screen

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S touch screen

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S touch screen

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S touch screen

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S touch screen

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S touch screen

2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S VIN display

Next time you walk by a parked Tesla and its sunroof is opening and closing with nobody sitting inside or around it, you could be witnessing a hacker moment. For all of its strengths as a car, the Model S reportedly has a weak spot: the security of its API (application programming interface) authentication, according to an article in the O'Reilly Community by George Reese, executive director of cloud management at Dell. Tesla develops and uses its own API authentication protocols, which have made access to certain Model S functions too easy for hackers, Reese says - himself a Model S owner.

At question is the Tesla REST API, which is accessed via a web-based portal, usually by Model S owners with their iPhone or Android-based smartphone, to perform a variety of menial tasks and check the status of the car. The Tesla-registered e-mail and password of the car owner is used to access the API through a web portal, which creates a "token" that lasts for three months. During that period, owners access the Tesla REST API via the token without the use of their log-in information. Unfortunately, the tokens and their respective cars are stored on website databases that are all too easy to hack, Reese explains, and if a hacker gains access, "it has free access to all of that site's cars for up to three months with no ability for the owners to do anything about it." On top of that, there is no way to revoke access of a compromised application.

Reese says that "there's nothing in the API that (can? should?) result in an accident if someone malicious were to gain access." The API can check the car's battery charge, operate climate control, operate the sunroof, identify car location, honk the horn, open the charge port, and perform other similar operations. But, he cautions, "Perhaps the scariest bit is that the API could be used to track your every move."

At least it's not a major hack-attack like that experienced by a Forbes reporter in a Prius. Now that's scary!

I'm reporting this comment as:

Reported comments and users are reviewed by Autoblog staff 24 hours a day, seven days a week to determine whether they violate Community Guideline. Accounts are penalized for Community Guidelines violations and serious or repeated violations can lead to account termination.


    • 1 Second Ago
  • Share This Photo X