Teen gets remote access to 25 Tesla cars

remote access to Tesla cars

19-year-old David Colombo said on Twitter that he gets remote access to 25 Tesla cars in 13 countries around the world.

According to him, the problem was not with the automaker’s infrastructure, but with unnamed third-party software that some car owners use.

This is not a vulnerability in the Tesla infrastructure. This is the fault of the owners. Therefore, I will need to contact them and report [the problem].the researcher writes.

Colombo says that he can remotely run commands on cars available to him (of course, without awareness of the owners), including disabling Sentry mode, opening and closing doors, windows, and launching Keyless Driving. In addition, the researcher can request the exact location of the car, see if the driver is present in the cabin, and so on.

Fortunately, hacker can’t interact with the Tesla’s steering wheel or brakes in this way, but even without this, he can come up with many dangerous attack scenarios.

I think it is very dangerous if someone can remotely turn up the music at full volume or open windows/doors while you are driving on the highway. Even continuous headlight flashing has the potential to have some (dangerous) effect on other drivers.says Colombo.

Bloomberg has received proof of his claims from the researcher, including screenshots and other documentation. So far, Colombo has not released any details of his attack, and also asked the media conceal the details until the vulnerability is fixed. According to him, MITER has already reserved a CVE ID for this bug, and Tesla security is already conducting the necessary checks.

Interestingly, the developers of a third-party app for Tesla, TezLab, reported that yesterday they discovered “simultaneous expiration of several thousand authentication tokens by Tesla”. This application uses the Tesla APIs that allow performing actions such as entering a car, enabling or disabling the anti-theft camera system, unlocking doors, opening windows, and so on.

Let me remind you that we talked about the fact that Hackers gained access to surveillance cameras in Tesla, Cloudflare and banks, and also that The researcher showed how to steal a Tesla Model X in a few minutes.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

Leave a comment

Your email address will not be published. Required fields are marked *