Dear Tesla Motors Inc: Security Is Not A Retrofit

Dear Tesla Motors Inc: Security Is Not A Retrofit
Blomst / Pixabay

The bedrock of a good life is security. From infancy through school, at work, at home, in our vehicles, in our online activities – we all want both physical and virtual security.

Play Quizzes 4

Tesla Model S lacks security

It was revealed last week that venerable automaker Tesla Motors Inc (NASDAQ:TSLA) (you know, the one that designed and manufactured the $59,000 – $100,000+ electric Model S) had less-than-optimal security around the iOS app that lets Model S owners unlock their cars. The problem was an easily cracked password system that allowed persistent hackers to both find and unlock the high-end cars.

This Long/ Short Equity Firm Sees A Time-Arbitrage Opportunity In This Pest Control Merger

PestYost Partners was up 0.8% for the first quarter, while the Yost Focused Long Funds lost 5% net. The firm's benchmark, the MSCI World Index, declined by 5.2%. The funds' returns outperformed their benchmark due to their tilt toward value, high exposures to energy and financials and a bias toward quality. In his first-quarter letter Read More

If the luxury Tesla has weak password protocols, what might that say about what’s in place in the less exotic vehicles driven by the rest of us?  What might that mean for drivers?

The Tesla Motors Inc (NASDAQ:TSLA) mishap is a microcosm of much larger technology security concerns.

As the auto industry moves closer to autonomous vehicles in the next several years, the security of the multiple systems needed for driverless vehicles should be an imperative. If someone hacks into a vehicle’s systems – more than just the lock system like in the Tesla — what might the results be? Could a hacker remotely disable the vehicle? Could someone with ill intent cause a car’s airbags to deploy while the vehicle is operating on the highway?

These types of security concerns are certainly not unique to automakers. Our lives are increasingly touched by automation and connectivity in our homes, at work — everywhere. Security must be the bedrock rather than an afterthought.  Technologies exist today that remove the vulnerabilities by eliminating single points of failure.

Let’s not be those people who install alarm systems after being burglarized. That’s security as a retrofit, and it’s simply not practical in our increasingly connected world.

By: Mayukh Gon, CEO and Founder, PerfectCloud

Updated on

No posts to display


  1. The security vulnerability of the Model S battery cell, was confirmed by the recent ‘Voluntary Retrofit’ at Tesla Motors Inc. SECURITY is thicker than water. Japan’s NEC Corp. recently purchased A123 Systems smart grid storage business, while Toyota proceeds with their Hydrogen Car. Thanks Tesla for the help in realizing EV powered with Fuel Cells!

    Blood is thicker than water. Maybe that is why PANASONIC recently commented with regard to the RISKS in being involved with Tesla Motors “gigafactory”. The A123 Systems manufacturing capabilities are here and now. Hey Tesla Motors, NEC Corp says they’re looking forward to June 2014! One Four…as in TSLA down -$5 real time.

  2. I agree with the two previous comments. However, I also appreciate the author’s implication that other manufacturers of low-cost cars will likely be at risk. Eventually this type of technology will trickle down to cheap cars – and when it does you’d better assume that the application has been farmed out to the cheapest bidder.

  3. Add the fact that all the work involved in trying to hack into the car gives you the same results as throwing a rock at the window. Guess which is cheaper and easier to implement..

  4. This is a blatant click-bait article. In order to hack into a Tesla vehicle you need to know who owns that vehicle, you need to know the e-mail address they used to create the account, you need to know their password, and you need to pair your device using the screen inside the car.

    There is no chance someone is going to walk up to your car, tap a command into their phone, and unlock the car.

    Also, the remote API that iOS and Android phones use to interact with a Tesla vehicle have no ability to “Disable the car”. The app only has the ability to adjust climate control, lock/unlock doors, crack the sunroof, and flash the lights/honk the horn (which don’t even activate from the app while the car is in motion). The API also does not allow the user to drive the car, since it will not shift out of Park without the keyfob. This makes it infinitely more secure than On-Star which has been proven to be social-hackable on many occasions.

    This article’s entire premise is that Tesla vehicles are somehow un-secure because the MINIMUM password requirements for your account are 6 characters.

    You should be more worried about people getting into your personal computer at home with a 6-character password than you should about people being able to unlock your car doors with one.

    Bottom line, if you actually are concerned about people breaking into your car, set a stronger password and your job is done.

Comments are closed.