2012 Tesla Model S
  • 2012 Tesla Model S
  • 2012 Tesla Model S front 3/4 view

  • 2012 Tesla Model S
  • 2012 Tesla Model S rear 3/4 view

  • 2012 Tesla Model S
  • 2012 Tesla Model S front 3/4 view

  • 2012 Tesla Model S
  • 2012 Tesla Model S rear 3/4 view

  • 2012 Tesla Model S
  • 2012 Tesla Model S side view

  • 2012 Tesla Model S
  • 2012 Tesla Model S front view

  • 2012 Tesla Model S
  • 2012 Tesla Model S rear view

  • 2012 Tesla Model S
  • 2012 Tesla Model S front 3/4 view

  • 2012 Tesla Model S
  • 2012 Tesla Model S rear 3/4 view

  • 2012 Tesla Model S
  • 2012 Tesla Model S headlight

  • 2012 Tesla Model S
  • 2012 Tesla Model S logo

  • 2012 Tesla Model S
  • 2012 Tesla Model S wheel

  • 2012 Tesla Model S
  • 2012 Tesla Model S side marker

  • 2012 Tesla Model S
  • 2012 Tesla Model S door handle

  • 2012 Tesla Model S
  • 2012 Tesla Model S brake light

  • 2012 Tesla Model S
  • 2012 Tesla Model S taillight

  • 2012 Tesla Model S
  • 2012 Tesla Model S logo

  • 2012 Tesla Model S
  • 2012 Tesla Model S logo

  • 2012 Tesla Model S
  • 2012 Tesla Model S badge

  • 2012 Tesla Model S
  • 2012 Tesla Model S badge

  • 2012 Tesla Model S
  • 2012 Tesla Model S front cargo area

  • 2012 Tesla Model S
  • 2012 Tesla Model S rear cargo area

  • 2012 Tesla Model S
  • 2012 Tesla Model S interior

  • 2012 Tesla Model S
  • 2012 Tesla Model S interior

  • 2012 Tesla Model S
  • 2012 Tesla Model S interior

  • 2012 Tesla Model S
  • 2012 Tesla Model S steering wheel

  • 2012 Tesla Model S
  • 2012 Tesla Model S front seats

  • 2012 Tesla Model S
  • 2012 Tesla Model S front seats

  • 2012 Tesla Model S
  • 2012 Tesla Model S rear seats

  • 2012 Tesla Model S
  • 2012 Tesla Model S digital display

  • 2012 Tesla Model S
  • 2012 Tesla Model S digital display

  • 2012 Tesla Model S
  • 2012 Tesla Model S steering wheel

  • 2012 Tesla Model S
  • 2012 Tesla Model S steering wheel controls

  • 2012 Tesla Model S
  • 2012 Tesla Model S steering wheel controls

  • 2012 Tesla Model S
  • 2012 Tesla Model S dash

  • 2012 Tesla Model S
  • 2012 Tesla Model S emergency button

  • 2012 Tesla Model S
  • 2012 Tesla Model S center arm rest

  • 2012 Tesla Model S
  • 2012 Tesla Model S touch screen

  • 2012 Tesla Model S
  • 2012 Tesla Model S touch screen

  • 2012 Tesla Model S
  • 2012 Tesla Model S touch screen

  • 2012 Tesla Model S
  • 2012 Tesla Model S touch screen

  • 2012 Tesla Model S
  • 2012 Tesla Model S touch screen

  • 2012 Tesla Model S
  • 2012 Tesla Model S touch screen

  • 2012 Tesla Model S
  • 2012 Tesla Model S touch screen

  • 2012 Tesla Model S
  • 2012 Tesla Model S touch screen

  • 2012 Tesla Model S
  • 2012 Tesla Model S VIN display

Next time you walk by a parked Tesla and its sunroof is opening and closing with nobody sitting inside or around it, you could be witnessing a hacker moment. For all of its strengths as a car, the Model S reportedly has a weak spot: the security of its API (application programming interface) authentication, according to an article in the O'Reilly Community by George Reese, executive director of cloud management at Dell. Tesla develops and uses its own API authentication protocols, which have made access to certain Model S functions too easy for hackers, Reese says - himself a Model S owner.

At question is the Tesla REST API, which is accessed via a web-based portal, usually by Model S owners with their iPhone or Android-based smartphone, to perform a variety of menial tasks and check the status of the car. The Tesla-registered e-mail and password of the car owner is used to access the API through a web portal, which creates a "token" that lasts for three months. During that period, owners access the Tesla REST API via the token without the use of their log-in information. Unfortunately, the tokens and their respective cars are stored on website databases that are all too easy to hack, Reese explains, and if a hacker gains access, "it has free access to all of that site's cars for up to three months with no ability for the owners to do anything about it." On top of that, there is no way to revoke access of a compromised application.

Reese says that "there's nothing in the API that (can? should?) result in an accident if someone malicious were to gain access." The API can check the car's battery charge, operate climate control, operate the sunroof, identify car location, honk the horn, open the charge port, and perform other similar operations. But, he cautions, "Perhaps the scariest bit is that the API could be used to track your every move."

At least it's not a major hack-attack like that experienced by a Forbes reporter in a Prius. Now that's scary!


I'm reporting this comment as:

Reported comments and users are reviewed by Autoblog staff 24 hours a day, seven days a week to determine whether they violate Community Guideline. Accounts are penalized for Community Guidelines violations and serious or repeated violations can lead to account termination.


    • 1 Second Ago
  • Share This Photo X