Forgot your password?
typodupeerror

+ - Tesla Model S REST API Authentication Flaws

Submitted by Anonymous Coward
An anonymous reader writes "New Tesla owner and Executive DIrector of Cloud Computing at Dell, George Reese, brings the Tesla Model S REST API authentication into question "The authentication protocol in the Tesla REST API is flawed. Worse, it’s flawed in a way that makes no sense. Tesla ignored most conventions around API authentication and wrote their own. As much as I talk about the downsides to OAuth (a standard for authenticating consumers of REST APIs—Twitter uses it), this scenario is one that screams for its use." While not likely to compromise the safety of the vehicle, he does go on to note that "I can target a site that provides value-added services to Tesla owners and force them to use a lot more electricity than is necessary and shorten their battery lives dramatically. I can also honk their horns, flash their lights, and open and close the sunroof. While none of this is catastrophic, it can certainly be surprising and distracting while someone is driving.""
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Tesla Model S REST API Authentication Flaws

Comments Filter:

You have mail.

Working...