$10,000 Bounty to Be Cashed in by Tesla Car Hacker

A $10,000 reward will be cashed in by the first hacker who cracks a Tesla car security system in a China-based competition, according to Fox News. The Symposium on Security for Asia Network (SyScan) has launched the hacking competition for all security gurus attending its Beijing conference. The aim is to examine the safety of the high-tech Tesla electric cars.

In April 2014, a security researcher showed that Tesla Motors accounts are only protected by simple passwords, making them vulnerable to hackers.

“Tesla Model S cars maintain an outbound connection with the Tesla infrastructure in the cloud – this enables Tesla personnel to track cars and check for anomalies remotely,” security researcher Nitesh Dhanjani told Fox News. “The most impactful security issue would allow an attacker to remotely leverage and abuse these facilities. It isn`t clear if Tesla has segmented its Ethernet and 3G based networks from the mechanics of the car and I trust this is ripe for further research.”

Tesla accounts could also be targeted through phishing and malware or compromised by third-party password leaks, according to research.

“Automotive manufacturers, though innovative in engineering, can often overlook security aspects just because there was no need to digitally safeguard cars in the past,” Bitdefender Senior E-threat Analyst Bogdan Botezatu told Computer World at the time. “While it may be true that the online account does not allow a potential attacker to control the car’s critical systems, it could allow somebody to physically locate the car and unlock it.”

Dhanjani is not the only researcher who has written a paper on Tesla Model S security.

A year ago, a Dell Senior Distinguished Engineer and Executive Director of Cloud Computing proved the authentication system in the Tesla Model S car`s API has a vulnerability that hackers could use to remotely control the car. George Reese studied the Tesla electronic car and showed some actions of the vehicle such as the climate control or the honk can be triggered remotely.

Tesla maintains a security Hall of Fame on its website, where several researchers are acclaimed for reporting vulnerabilities. The company also awards the first researchers to report one of the top three confirmed vulnerabilities in a calendar quarter.

Car hacking and the Internet of Things started to make headlines a couple of years ago. Bitdefender wrote about security researchers who discovered such security vulnerabilities as early as July 2011. Two years later, hackers thought of publishing a how-to guide for taking over Toyota Prius and Ford Escape.

The SyScan security event takes place next Wednesday and Thursday in the Chinese capital. The organization will soon offer more details about the competition on its website.