If it is documented in the manual[0][1] is it a "bug?" I think the design is poor (bad default WiFi password, WiFi always on, inverting sensors with no sanity checks) but this is how it was designed to work, it is officially documented as doing so.
I guess it boils down to a definition of the term "bug." But I feel like a lot of the knee-jerk responses (and voting) didn't read the article carefully enough.
It is a core design weakness rather than a "bug" (implying an error) in an actual good design. I think the distinction is subtle but it is there.
Not having any limits on that invert setting is definitely a security/safety bug.
The password is a level of incompetence beyond what you'd call a bug. It's clearly following a design decision that was imposed by someone with zero security experience.
I would argue that "building, and leaving open" Wifi connectivity that is not even remotely obfuscated is proof in itself of "failure to consider security aspects".
Well, to be fair and comparing to not having a password at all - as they put those passwords in place they have somehow tried to protect it. Or make it look protected.
But I agree that it indicates that they haven't gave any consideration to it, and in 2019 that doesn't count as trying anymore. At least because we're talking about a well-established hardware and software vendor, not my grandma.
This is unintended behavior in the same way that a locksmith leaving a copy of a key under your doormat after installing a new lock is unintended behavior. They didn't intend to cause a security issue, but they also didn't care enough to make sure that what they were doing was safe.
It's not clear that most of this is even "unintended behavior" rather than just abuse. It's like calling it a "hack" to fill water balloons with electrically conductive fluid and throw them at a substation. The people responsible for stopping you from doing that are the police, not the makers of water balloons.
The worst thing they did was the default password.
Complete negligence in security is hardly the kind of thing people think about as "bugs". The larger problem is that Tesla has put out software without any sensible considerations for security - that the result behaves badly can't really be called unintended behaviour, unless you are allowed to design software by pipe dream.