Embarrassing Delay on Tesla's Critical Security Feature

Embarrassing Delay on Tesla's Critical Security Feature

Tesla CEO, Elon Musk recently responded to a customer’s query about the Tesla app’s two-factor authentication. Musk apologized for the delay on Twitter saying, “Sorry, this is embarrassingly late. Two-factor authentication via SMS or authenticator app is going through final validation right now.”

It’s clear that the Tesla boss recognizes the late release of this security measure is surprising, especially for a company of this status. The two-factor authentication is a security feature that requires an input through two different methods to verify identification in order to access a smartphone app or another online service. Typically, with the first login, the user is prompted to enter a password. Following that, the service or app being accessed with send a one-time pin via text or email to enter as the second phase of the authentication process. Alternatively, the user will be asked to utilize an authenticator app, which delivers the one-time code to finalize the login process.

The two-factor authentication process is needed to tighten security on the Tesla mobile app, which currently lets Tesla EV owners remotely access certain features such as locking or unlock the vehicle, manage the air conditioning, flash the car’s lights, honk the horn when parked, vent or close the panoramic sunroof, locate a vehicle and track its movements, update the car’s software and also to start or stop charging the car. For owners using Autopilot, the Tesla app can even be used to summon the car from a distance.

Because the mobile app is a core part of the Tesla experience, the two-factor authentication is an important addition to give Tesla owners peace of mind with extra security included. Musk’s acknowledgment and claims that the security layer is going through the final stages of development, leads us to believe its release is imminent. It is said that the EV automaker will implement its two-factor authentication using SMS and/or an authenticator app, with the latter being more secure than using text because with SMS, SIM cards can be intercepted to get the verification numbers.

With increased integration and connectivity with Tesla’s electric vehicles, it is more exposed to potential hacking. This is something Musk has been saying all along when talking about cybersecurity being a priority for vehicle safety. A while back, some people had managed to exploit security flaws in Tesla’s vehicles. It was then that Musk said he wanted to prevent a “fleet-wide hack”. Most of Tesla’s cybersecurity issues were related to connecting an electric vehicle to an unauthorized Wi-Fi network. This prompted Tesla owners to request improved ways of protecting their Tesla accounts and vehicles.

The 2FA security feature was expected to be released last year, but it is still something Tesla owners are urgently waiting for. Other security hacks have occurred after Tesla started offering expensive feature upgrades through the mobile app. Unbeknown to some EV owners, their Tesla accounts were being charged for these upgrades.

Last year, Musk announced on Twitter that Tesla was working on “foundational upgrades” to Tesla’s core operating system and would be introducing 2FA (two-factor authentication) shortly after that. There are no clear dates yet, and Musk has not committed to when exactly the feature will be rolled out. Tesla owners will just need to wait patiently for the official announcement.

Generally, Tesla vehicles are thought to be theft-proof with a range of anti-theft features. While it does make it harder for car thieves, it is still not impossible, although the risk of theft is reduced. The company released the Pin To Drive function in 2018 but updating the security with 2FA is a critical feature for its keyless entry systems.