"Automotive manufacturers though innovative in engineering can often oversee the security aspects just because there was no need to digitally safeguard cars in the past," said Bogdan Botezatu, a senior e-threat analyst at security firm Bitdefender. "While it may be true that the online account does not allow a potential attacker to control the car's critical systems, it could allow somebody to physically locate the car and unlock it."
Botezatu believes that Tesla accounts should require a second authentication factor when users attempt to authenticate from new devices or when their active sessions expire.
An increasing number of manufacturers allow users to remotely control their devices through cloud-based services. Devices with such functionality range from IP-based cameras to network-attached storage devices and home automation sensors.
It's unlikely that manufacturers will take a secure approach to designing so-called Internet-of-things devices anytime soon, Botezatu said, pointing out that at the moment most engineering efforts focus on functionality and battery performance.
Sign up for CIO Asia eNewsletters.