Automotive > Infotainment & Telematics Blog



Tesla's Embarrassing Inattention to Security

by Roger Lanctot | Apr 04, 2014

I am chairing the Telematics Update Content & Apps event in Munich on Tuesday and Wednesday, April 8th & 9th, next week  (http://tinyurl.com/6msselt).  The event looks at the opportunity to bring apps into cars and to enable remote control of cars via smartphones.  But with opportunity comes risk. 
A report from a blogger (http://tinyurl.com/pdrr8z6) highlights the minimal level of security provided for the Tesla iPhone app which allows remote locking and unlocking of the Tesla Model S.  There is no excuse for a company of Tesla's sophistication to leave such an inviting vulnerability in place.
The following commentary was written by Mayukh Gon, CEO and founder of PerfectCloud, a company that provides co-called identity-as-a-service, single sign on and data encryption for businesses.  I am sharing his thoughts as a courtesy in advance of the Content and Apps event:
Dear Tesla: Security is Not a Retrofit
The bedrock of a good life is security. From infancy through school, at work, at home, in our vehicles, in our online activities – we all want both physical and virtual security.
It was revealed last week that venerable automaker Tesla (you know, the one that designed and manufactured the $59,000 - $100,000+ electric Model S) had less-than-optimal security around the iOS app that lets Model S owners unlock their cars. The problem was an easily cracked password system that allowed persistent hackers to both find and unlock the high-end cars.
If the luxury Tesla has weak password protocols, what might that say about what’s in place in the less exotic vehicles driven by the rest of us?  What might that mean for drivers?
The Tesla mishap is a microcosm of much larger technology security concerns. 
As the auto industry moves closer to autonomous vehicles in the next several years, the security of the multiple systems needed for driverless vehicles should be an imperative. If someone hacks into a vehicle’s systems – more than just the lock system like in the Tesla -- what might the results be? Could a hacker remotely disable the vehicle? Could someone with ill intent cause a car’s airbags to deploy while the vehicle is operating on the highway? 
These types of security concerns are certainly not unique to automakers. Our lives are increasingly touched by automation and connectivity in our homes, at work -- everywhere. Security must be the bedrock rather than an afterthought.  Technologies exist today that remove the vulnerabilities by eliminating single points of failure.
Let’s not be those people who install alarm systems after being burglarized. That’s security as a retrofit, and it’s simply not practical in our increasingly connected world. 
Previous Post: Kiss Mirrors, Keys and a Cost-Based GM Culture Good-Bye | Next Post: Smartphone Use in Cars Reducing Accidents and Maybe Saving Lives
Leave a comment