
Author: 归海一刀
Published: 2014/3/30 5:38:29
Six-digit static password: Tesla's talisman breaks at the first attack


Summary: once the password has been cracked, someone can locate the car and then get into the car's systems to steal content.

According to newly published research, hackers can use traditional hacking techniques to crack the six-digit password of the Tesla Model S electric car, and thereby lock and unlock the car.

On Friday, corporate network security consultant Nitesh Dhanjani said in a talk at the Black Hat Asia security conference in Singapore that his recent research on the Tesla Model S electric sedan shows multiple design flaws in the car's security system. However, Dhanjani also pointed out that he did not find any hidden software vulnerabilities in the car's main systems.

Dhanjani said: "We cannot protect our cars the same way we protect our computer workstations." He also said that he had passed his findings on to Tesla.

Tesla spokesman Patrick Jones declined to comment on Dhanjani's findings. He did say, however, that Tesla carefully evaluates recommendations and research findings from security experts.

Jones wrote in an e-mail: "We have top-level professional information security researchers, so we can effectively protect our products and systems against vulnerabilities. We also continue to work with the security research community, and actively encourage researchers to communicate with us through the company's formal reporting process."

According to Dhanjani's research, although only the car's key fob can start the Tesla Model S, commands sent over a wireless network can also unlock it. Dhanjani said that once the password has been stolen or cracked, someone can locate the Model S and then get into the car's systems to steal content, but cannot drive the car away.

When a user orders a Model S, Tesla requires the user to set a six-digit account password, which is used to unlock a mobile app that accesses the user's online Tesla account.

The mobile app can remotely locate and unlock the Model S, and can also control and monitor the car's other functions. Dhanjani said that the many methods used to break into computers or online accounts apply equally to cracking the Model S's six-digit password. An attacker could guess the password set by the user through a Tesla website, because Tesla did not limit the number of incorrect password entries.

An attacker could also plant password-stealing malware to obtain the password from the user's computer, or use a stolen password to access the user's other accounts that share the same password.
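The missing limit on incorrect password entries is the flaw a server-side throttle closes. The following is an added example, not code from the article or from Tesla: a per-account limiter with exponential, capped lockout, plus a simulation of one wrong guess per second. The class and function names, the thresholds (5 free attempts, 30 s base, 1 h cap) and the account name are assumptions chosen for illustration.

```python
import time

class FakeClock:
    """Constructed test clock so the simulation runs instantly."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

class LoginThrottle:
    """Per-account failed-login limiter with exponential, capped lockout."""
    def __init__(self, free_attempts=5, base_lock=30.0, max_lock=3600.0,
                 clock=time.monotonic):
        self.free_attempts = free_attempts   # failures tolerated before locking
        self.base_lock = base_lock           # first lockout, in seconds
        self.max_lock = max_lock             # lockout ceiling, in seconds
        self.clock = clock
        self._state = {}                     # account -> (failures, locked_until)

    def allowed(self, account):
        """True if a password check may be performed for this account now."""
        _, locked_until = self._state.get(account, (0, 0.0))
        return self.clock() >= locked_until

    def record(self, account, success):
        """Record a checked attempt; return the lockout it triggered (seconds)."""
        if success:
            self._state.pop(account, None)   # a good login resets the counter
            return 0.0
        failures = self._state.get(account, (0, 0.0))[0] + 1
        lock = 0.0
        if failures >= self.free_attempts:
            doublings = min(failures - self.free_attempts, 20)  # bound the power
            lock = min(self.base_lock * 2 ** doublings, self.max_lock)
        self._state[account] = (failures, self.clock() + lock)
        return lock

def guesses_checked(throttle, clock, window, account="owner@example.com"):
    """Simulate one wrong guess per second; count how many reach the checker."""
    checked = 0
    while clock.now < window:
        if throttle.allowed(account):
            throttle.record(account, success=False)
            checked += 1
        clock.now += 1.0
    return checked
```

With these assumed thresholds, a day of continuous guessing gets 34 passwords checked instead of 86,400. A lockout keyed only on the account also lets anyone lock the owner out, so it is normally paired with per-source limits and a second factor.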

Dhanjani said: "A Model S sedan that costs as much as $100,000 relies on a six-digit static password like this as its talisman. This is a very serious matter."

Dhanjani also noted that there is evidence that Tesla service support staff can remotely unlock Model S sedans, which leaves owners vulnerable to attack. Meanwhile, people in the industry have raised the concern that Tesla employees might use this privilege to lock and unlock any car, regardless of whether the owner knows about or authorizes it.

