• 中文版
  • BM
  • News
  • Deals
  • Reviews
    • First Impressions
    • Hands-on
    • Comparisons
  • Tech
    • Mobile
    • Computers
    • Cameras
    • Wearables
    • Audio
    • Drones
  • Telco
    • Celcom
    • Digi
    • Maxis
    • Time
    • U Mobile
    • Unifi
    • Yes
  • Video
  • Cars
  • Contribute
Menu
  • 中文版
  • BM
  • News
  • Deals
  • Reviews
    • First Impressions
    • Hands-on
    • Comparisons
  • Tech
    • Mobile
    • Computers
    • Cameras
    • Wearables
    • Audio
    • Drones
  • Telco
    • Celcom
    • Digi
    • Maxis
    • Time
    • U Mobile
    • Unifi
    • Yes
  • Video
  • Cars
  • Contribute
Search
  • 中文版
  • BM
  • News
  • Deals
  • Reviews
    • First Impressions
    • Hands-on
    • Comparisons
  • Tech
    • Mobile
    • Computers
    • Cameras
    • Wearables
    • Audio
    • Drones
  • Telco
    • Celcom
    • Digi
    • Maxis
    • Time
    • U Mobile
    • Unifi
    • Yes
  • Video
  • Cars
  • Contribute
Menu
  • 中文版
  • BM
  • News
  • Deals
  • Reviews
    • First Impressions
    • Hands-on
    • Comparisons
  • Tech
    • Mobile
    • Computers
    • Cameras
    • Wearables
    • Audio
    • Drones
  • Telco
    • Celcom
    • Digi
    • Maxis
    • Time
    • U Mobile
    • Unifi
    • Yes
  • Video
  • Cars
  • Contribute
Search
Close
Home Transport Cars

Teen hacker gained access to over 50 Teslas around the world, here’s how he did it

  • BY Redza Dzafri
  • 26 January 2022
  • 6:23 pm
  • Comment
Share on FacebookShare on Twitter

19-year-old security researcher David Colombo found a way to gain remote access to more than 50 Tesla vehicles from around the world. After finding this vulnerability, he tried to warn the owners, but couldn’t find any contact information, so he obtained their email addresses through another security flaw and warned them.

In Colombo’s writeup regarding the matter, he emphasises that is not a vulnerability in Tesla’s infrastructure directly. The security flaw actually stems from a third-party Tesla data-logger called Teslamate. This is a tool that can give you detailed reports about your driving, charging, efficiency, energy consumption, and more. TeslaMate unfortunately stored some Tesla API keys unencrypted, which allowed Colombo to run his own commands on Teslas remotely.

He couldn’t steer the car or drive it, but he could access things like stereo volume, doors, windows, and disabling Sentry Mode. Even though he couldn’t drive the vehicles remotely, he technically could have used the auto-summon function which could make the car hit something. He even mentioned that he could ‘rick-roll‘ Tesla owners by playing Rick Astley on YouTube.

I could also query the exact location, see if a driver is present and so on. The list is pretty long.

And yes, I also could remotely rick roll the affected owners by playing Rick Astley on Youtube in their Tesla‘s😂

[3/X]

— David Colombo (@david_colombo_) January 11, 2022

Colombo first noticed this vulnerability in October 2021 and even posted pictures of detailed driving routes taken by the hacked Teslas. Just to test the commands out, he reached out to a compromised Tesla’s owner and asked for permission to remotely honk the horn.

In order to alert the Tesla owners that he hacked, he found another security flaw in Tesla’s digital car key that allowed him to get their email addresses. He could even query the addresses with revoked access.

Since then, he has reached out to both Tesla and TeslaMate and they have now fixed the issues and revoked “thousands of keys”, meaning he cannot gain access to these vehicles or emails anymore.

Colombo said that he’s eligible for a bug bounty for his digital car key vulnerability discovery, but does not know the exact amount yet. Jokingly, he said he hopes it’s enough to cover his coffee bill from working on the discovery the last two weeks.

[ SOURCE, IMAGE SOURCE, 2 ]

Tags: hackhackerTeslateslamate
Redza Dzafri

Redza Dzafri

POPULAR

Govt official suspended after draining over 2 million litres of water to save his Galaxy S23 Ultra

May 29, 2023

Teen hacker gained access to over 50 Teslas around the world, here’s how he did it

January 26, 2022

Malaysia’s best UNLIMITED prepaid plans – May 2023 Edition

May 29, 2023

Malaysia’s first Apple Store at The Exchange TRX expected to open in February 2024

June 2, 2023

Yes 5G introduces the cheapest 5G postpaid plan yet in Malaysia with 100GB data for all usage

May 25, 2023

Here’s an elegant solution to manage and backup the data of everyone in your company

May 29, 2023

Copyright © 2023 · SoyaCincau.com
Mind Blow Sdn Bhd (1076827-P)

  • ADVERTISE
  • DISCLAIMER

Copyright © 2023 · SoyaCincau.com – Mind Blow Sdn Bhd (1076827-P)

  • ADVERTISE
  • DISCLAIMER