Tesla Motors’ electric vehicles can be located and unlocked by criminals remotely simply by cracking a six-character password using traditional hacking techniques, according to newly released research.

Nitesh Dhanjani, a corporate security consultant, Tesla owner and author of books on hacking, said at a conference in Singapore on Friday that he recently conducted a study of the Tesla Model S sedan and found several design flaws in its security system. He said his review did not uncover any hidden software vulnerabilities in the car’s major systems. …

Tesla’s Model S car can only be driven when a key fob is present, but it can be unlocked via a command to the car transmitted wirelessly over the Internet, according to Dhanjani.

If a password is stolen or cracked, someone could locate and gain access to the car and steal its contents, but not drive it, Dhanjani said.