The Tesla Model S made our headlines more than a week ago, when one bumped into a utility pole and caused a blackout in the area along the way. This time around, we have additional details concerning the Tesla Model S: it could very well be hacked. The Model S allegedly has a weak spot, namely the security of its API (application programming interface) authentication.
According to an article in the O’Reilly Community by George Reese, executive director of cloud management at Dell, Tesla wrote its own API authentication protocols but did so without using the best security techniques available today. What Reese shared is worth paying attention to, since he too is a Model S owner.
The API in question is the Tesla REST API, which can be accessed via a web-based portal, normally through an iPhone or Android-powered smartphone, to perform a range of tasks, including checking on the vehicle’s status. Should a hacker actually gain access to your Tesla Model S, he or she would have “free access to all of that site’s cars for up to three months with no ability for the owners to do anything about it.”
“The authentication protocol in the Tesla REST API is flawed. Worse, it’s flawed in a way that makes no sense. Tesla ignored most conventions around API authentication and wrote their own. As much as I talk about the downsides to OAuth (a standard for authenticating consumers of REST APIs—Twitter uses it), this scenario is one that screams for its use.” (George Reese)