Tesla really should enforce two-factor authentication to protect its customers

Tesla offers two-factor authentication for the app that gives access to certain features of its cars. The problem? It is optional.

Do you own a Tesla? If so, we can only encourage you to enable two-factor authentication on your account, which gives access to the app. In a series of tweets posted on January 10, David Colombo, a hacker and cybersecurity specialist, claims to have remotely taken control of several Tesla vehicles located in various countries.

“This is not a vulnerability within the Tesla infrastructure. It’s the fault of the owners. That’s why I would like to be able to report it to those concerned,” he says. In his view, the fault lies with users whose computer hygiene is not good enough to protect them from external attacks (choosing a strong password, for example, or not reusing the same one across all their accounts). The American manufacturer could, however, do a better job of making its customers take responsibility, for example by imposing two-factor authentication (it is only optional for the moment).

Tesla Model Y // Source: Louise Audry for Numerama

Two-factor authentication should be mandatory for Tesla cars

Note that David Colombo is not able to fully control Tesla cars from home: he cannot act on driving controls such as acceleration or steering when the driver is behind the wheel. He explains, however, that he can deactivate Sentry Mode (surveillance of the surroundings when the car is parked), unlock the doors, see the exact location or even launch a video on YouTube. Even so, he concedes: “I think it’s pretty dangerous, if someone is able to crank music at full volume or open the window while you’re driving down the highway.” Note that it is not possible to create a phone key, since you have to be close to the car to carry out the configuration (which goes through the Bluetooth link).

This shared experience serves as a reminder of the importance of good computer hygiene. Two-factor authentication is certainly the best way to avoid problems, and it should be imposed on products such as Tesla's (we are still talking about cars that cost several thousand euros, not to mention the road-safety aspect and access to billing data). In the past, we have seen companies in markets less sensitive than Tesla's strongly encourage two-factor authentication (example: the Epic Games Store).

This hacking of Tesla cars also recalls a news item involving a Ring camera, marketed by Amazon. In 2019, the device was hijacked to speak to a child. Again, the multinational did not impose two-factor authentication and blamed the parents. “Unfortunately, when the same username and password are reused across multiple services, it is possible for malicious individuals to gain access to multiple accounts,” it explained.

How do I enable two-factor authentication on the Tesla app?

To configure two-factor authentication, you must:

  • Download a third-party authentication application (example: Google Authenticator);
  • Log in to your Tesla Account and press ‘Profile Settings’;
  • Press ‘Manage’ in ‘Multi-factor authentication’;
  • Follow the instructions (several options possible: verification code displayed on the application, QR Code, security key);
  • Enter the verification code on the website;
  • Check that you have received a confirmation email.
