Home Transportation Car industry

Tesla Motors API Vulnerable to Hacking, Too?

Tesla Motors API Vulnerable to Hacking
Tesla Motors API Vulnerable to Hacking

One of the great things about modern hardware and software is its accessibility. For example, I may be writing this from an internet cafe in the Peruvian Highlands but, with an internet connection, I can access the world. If I had access to Tesla Motors’ API [Application Programming Interface] and the right software, I could also track your Tesla Model S.

We’ve talked about hacking vehicles before, but it really depends on how connected the vehicle’s API is. In the case of a Toyota Prius we looked at earlier, it required a significant amount of physical hacking into the Prius’ delicate networking systems to effect some unwanted behavior. Such interference could even cause an accident. Still, we’re fairly certain you’d notice that someone had snuck into your Prius and ripped the dash out. Even with a little finesse, it would take a good day to rig up the proper hardware for remote access without letting the driver in on the caper.

Something that separates the Tesla Motors API and the Toyota Prius network though, is the method of access. For now, the only way to interact with the Toyota Prius network is via direct connection, that is, you have to be physically in the vehicle with a Techstream-enabled laptop or PDA and connected to the DLC3 connection under the driver’s dash. If there is an ECU reflash it has to be done at the dealer. On the other hand, the last time that Tesla Motors released an ECU reflash, they simply released it over the mobile networks for any Tesla Model S to access it, saving Tesla Model S owners a trip to the service center.

Customers also access some functions of their Tesla Model S through the API via smartphone connection, such as battery state of charge or setting up charging times, perhaps to cool the vehicle off or open the windows before actually getting to the vehicle. The Tesla Motors API is accessed via email and password combination with a token that lasts for three months. This makes for easy owner access, but also easy hacker access, who can gain token and vehicle information from the websites the tokens are stored on!

Fortunately, the only thing that the Tesla Motors API has access to couldn’t cause an accident, but I can agree that it would suck if a hacker opened your windows during a rainstorm or turned off the charger while you were sleeping. Perhaps the worst would be someone tracking you via GPS, which is also available through the API. Hopefully Tesla Motors is looking into making their systems more secure.

Image © FreeDigitalPhotos.net

(Visited 94 times, 1 visits today)


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.