Tesla Model S REST API Authentication Flaws

An anonymous reader writes "New Tesla owner and Executive DIrector of Cloud Computing at Dell, George Reese, brings the Tesla Model S REST API authentication into question. 'The authentication protocol in the Tesla REST API is flawed. Worse, it's flawed in a way that makes no sense. Tesla ignored most conventions around API authentication and wrote their own. As much as I talk about the downsides to OAuth (a standard for authenticating consumers of REST APIs—Twitter uses it), this scenario is one that screams for its use.' While not likely to compromise the safety of the vehicle, he does go on to say, 'I can target a site that provides value-added services to Tesla owners and force them to use a lot more electricity than is necessary and shorten their battery lives dramatically. I can also honk their horns, flash their lights, and open and close the sunroof. While none of this is catastrophic, it can certainly be surprising and distracting while someone is driving.'"

I don't get it.

Can someone give me a car analog?

Re:I don't get it.

[Rosco+P.+Coltrane]

Sorry, cars are digital these days.

Re:I don't get it.

You wouldn't copy a car, would you?

Re:I don't get it.

[theskipper]

Don't copy that jalopy!

how fast

[fyngyrz]

Well, terminal velocity will depend on two factors: The ultimate wind resistance of its tumbling chassis, and how high it is above the ground when you drop it.

Re:First World Priorites

[0123456]

Yeah, but the battery will run out two miles down the road, so it's not really a big deal.

Let me get this straight

[DougOtto]

"I can also honk their horns, flash their lights, and open and close the sunroof."

So he discovered a 10 year old?

Re:Let me get this straight

[plover]

"Never gonna roll your windows up,
Never gonna put your top down,
Never gonna run your battery down, or desert you."