Information Security News mailing list archives

Hacking a $100K Tesla Model S For Fun and $10K Profit


From: InfoSec News <alerts () infosecnews org>
Date: Tue, 15 Jul 2014 05:59:04 +0000 (UTC)

http://www.infosecnews.org/hacking-a-100k-tesla-model-s-for-fun-and-10k-profit/

By William Knowles
Senior Editor
InfoSec News
July 14, 2014

At the 2014 SyScan 360 Conference, being held July 16th and 17th, 2014 at the Beijing Marriott Hotel Northeast in Beijing, China, security professionals and hackers paying $319 to attend will have the opportunity to win $10,000 if they can compromise the security of the Tesla Model S.

While the official rules haven’t been released, one could surmise that this will involve gaining control of the vehicle’s controls either remotely or physically via the 17-inch touchscreen in the Tesla.

Back in March 2014, Nitesh Dhanjani detailed a cursory evaluation of the Tesla Model S, pointing out threats such as Tesla’s six-character password, which can lead to the Model S being remotely located and unlocked via social engineering, email account compromises, brute-force attacks, malware attacks, phishing attacks, and password leaks.

Tesla REST API Implicitly Encourages Credential Sharing with Untrusted Third Parties. “The Tesla iOS App uses a REST API to communicate and send commands to the car. Tesla has not intended for this API to be directly invoked by 3rd parties. However, 3rd party apps have already started to leverage the Tesla REST API to build applications.”

[...]
