Vulnerability Announcement: Tesla Roadster vulnerable to brute-force unlock via CAN bus
SUMMARY
The Tesla Roadster instrumentation CAN bus (running at 1MHz) supports a CAN bus message to lock/unlock the car as well as enable/disable valet mode. Authentication on this message is via a simple user PIN code, which is typically 4 digits (but can be up to 8 digits).
It appears that this is vulnerable to a brute-force attack, as there is no rate limiting on reception/interpretation of that message.
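The missing control is receiver-side throttling of PIN attempts. The sketch below is an added example, not code from this announcement or from the vehicle's firmware: the `pin_gate_*` names, the hook it would be called from, and the delay policy values are all assumptions chosen for illustration. It shows an exponential-backoff gate and how much enforced lockout time a 4-digit PIN space then costs.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed policy values, not taken from the announcement. */
#define FREE_FAILURES 3u        /* delay starts at this many consecutive wrong PINs */
#define BASE_DELAY_MS 1000u     /* first lockout period */
#define MAX_DELAY_MS  900000u   /* lockout cap: 15 minutes */

typedef struct {
    uint32_t failures;      /* consecutive wrong PINs; keep in non-volatile storage */
    uint64_t locked_until;  /* ms timestamp before which PIN frames are dropped */
} pin_gate_t;

typedef enum { PIN_OK, PIN_WRONG, PIN_THROTTLED } pin_result_t;

/* Lockout imposed after the n-th consecutive failure: doubles each time, capped. */
static uint32_t lockout_ms(uint32_t failures) {
    if (failures < FREE_FAILURES) return 0;
    uint32_t shift = failures - FREE_FAILURES;
    if (shift > 20) return MAX_DELAY_MS;
    uint64_t d = (uint64_t)BASE_DELAY_MS << shift;
    return d > MAX_DELAY_MS ? MAX_DELAY_MS : (uint32_t)d;
}

/* Called for every received lock/unlock/valet frame (hypothetical hook). */
pin_result_t pin_gate_check(pin_gate_t *g, uint32_t pin, uint32_t expected, uint64_t now_ms) {
    if (now_ms < g->locked_until) return PIN_THROTTLED; /* PIN not evaluated at all */
    if (pin == expected) { g->failures = 0; return PIN_OK; }
    g->failures++;
    g->locked_until = now_ms + lockout_ms(g->failures);
    return PIN_WRONG;
}

/* Total lockout time accumulated by guessing every PIN of the given length. */
uint64_t exhaust_ms(unsigned digits) {
    uint64_t space = 1, total = 0;
    while (digits--) space *= 10;
    for (uint64_t i = 1; i <= space; i++) total += lockout_ms((uint32_t)i);
    return total;
}

int main(void) {
    printf("4-digit PIN space: %llu days of enforced lockout\n",
           (unsigned long long)(exhaust_ms(4) / 86400000ULL));
    return 0;
}
```

While the gate is locked, frames are dropped without comparing the PIN, so even a correct guess gives no signal during the lockout window.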
TECHNICAL DETAILS
The CAN bus message is: