Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Tesla Model S REST API Authentication Flaws

Anonymous Coward writes | about a year ago

0

An anonymous reader writes "New Tesla owner and Executive DIrector of Cloud Computing at Dell, George Reese, brings the Tesla Model S REST API authentication into question "The authentication protocol in the Tesla REST API is flawed. Worse, it’s flawed in a way that makes no sense. Tesla ignored most conventions around API authentication and wrote their own. As much as I talk about the downsides to OAuth (a standard for authenticating consumers of REST APIs—Twitter uses it), this scenario is one that screams for its use." While not likely to compromise the safety of the vehicle, he does go on to note that "I can target a site that provides value-added services to Tesla owners and force them to use a lot more electricity than is necessary and shorten their battery lives dramatically. I can also honk their horns, flash their lights, and open and close the sunroof. While none of this is catastrophic, it can certainly be surprising and distracting while someone is driving.""

Sorry! There are no comments related to the filter you selected.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?