Finally, Tesla has announced that it will implement two-step verification in its vehicles after knowing that they can be stolen just by knowing the driver’s username and password.
It seems little credible, but a single security barrier can make it easier to steal a Tesla vehicle than a Twitter account. Two-step verification has long been imposed for social media profiles, banking apps and all kinds of technologies, but Tesla vehicles, which can be accessed online, lack this option.
It does not matter whether or not the PIN is activated in the car, if the username and password of the driver’s Tesla account are known, it is possible to steal the vehicle. The reason is the amount of information and possibilities that can be accessed through the website.
When entering the Tesla account it is possible deactivate the PIN, change the vehicle configuration, unlock it or even activate remote start … In short, leaving the vehicle at the disposal of the intruder in a matter of seconds.
Xiaomi is a brand known for having many products at a very good price. These are 14 of which you can buy in Spain for less than € 20.
The problem is that password theft can be done in different ways and does not always require phishing. As with systems that lack greater security measures, the same social engineering may be sufficient, especially considering that drivers are not required to have computer knowledge.
It has become known about this future implementation through what is often considered Tesla’s official news channel: Elon Musk’s Twitter account. In his response to a user, he clarified that the 2-step verification is almost done.
Sorry, this is embarrassingly late. Two factor authentication via sms or authenticator app is going through final validation right now.
– Elon Musk (@elonmusk) August 14, 2020
We will see what method you use to do this two-step verification, but whatever is insurance that vehicle owners appreciate not having your Tesla so exposed. It is striking that a company of such size and where technological innovation is imposed has yet to add such a basic security measure.