Tesla Model S Hacking Prize Claimed 59
savuporo sends word that a $10,000 bounty placed on hacking a Tesla Model S has been claimed by a team from Zhejiang University in China. The bounty itself was not issued by Tesla, but by Qihoo 360, a Chinese security company.
"[The researchers] were able to gain remote control of the car's door locks, headlights, wipers, sunroof, and horn, Qihoo 360 said on its social networking Sina Weibo account. The security firm declined to reveal details at this point about how the hack was accomplished, although one report indicated that the hackers cracked the six-digit code for the Model S's mobile app.
Not how this is supposed to work... (Score:4, Interesting)
So it could be a hoax, but more likely they're black-hatting in public view.
Re:So (Score:4, Interesting)
Basically they guessed the password to gain control of the accessories you can operate with an android app? Some hacking job there, lol.
If that is what they did (and we don't know that) then that is a security flaw. Tesla should not have allowed the PIN to be brute forced. The PIN should be stored by the car, not by the app, and it should have a 30 second lock-out after 3 wrong attempts, and then double the lock-out time for each additional wrong attempt. This is Security 101.