19-year-old security researcher David Colombo found a way to gain remote access to more than 50 Tesla vehicles from around the world. After finding this vulnerability, he tried to warn the owners, but couldn’t find any contact information, so he obtained their email addresses through another security flaw and warned them.
In Colombo’s writeup regarding the matter, he emphasises that is not a vulnerability in Tesla’s infrastructure directly. The security flaw actually stems from a third-party Tesla data-logger called Teslamate. This is a tool that can give you detailed reports about your driving, charging, efficiency, energy consumption, and more. TeslaMate unfortunately stored some Tesla API keys unencrypted, which allowed Colombo to run his own commands on Teslas remotely.
He couldn’t steer the car or drive it, but he could access things like stereo volume, doors, windows, and disabling Sentry Mode. Even though he couldn’t drive the vehicles remotely, he technically could have used the auto-summon function which could make the car hit something. He even mentioned that he could ‘rick-roll‘ Tesla owners by playing Rick Astley on YouTube.
Colombo first noticed this vulnerability in October 2021 and even posted pictures of detailed driving routes taken by the hacked Teslas. Just to test the commands out, he reached out to a compromised Tesla’s owner and asked for permission to remotely honk the horn.
In order to alert the Tesla owners that he hacked, he found another security flaw in Tesla’s digital car key that allowed him to get their email addresses. He could even query the addresses with revoked access.
Since then, he has reached out to both Tesla and TeslaMate and they have now fixed the issues and revoked “thousands of keys”, meaning he cannot gain access to these vehicles or emails anymore.
Colombo said that he’s eligible for a bug bounty for his digital car key vulnerability discovery, but does not know the exact amount yet. Jokingly, he said he hopes it’s enough to cover his coffee bill from working on the discovery the last two weeks.
[ SOURCE, IMAGE SOURCE, 2 ]
Slightly over a year after the brand made its debut in our market, Dongfeng has…
Looking for a portable 5G Advanced mobile WiFi (MiFi) on the go? Yes 5G has…
Gentari has released a statement to address the recent discounted Gentari Go EV charging service…
Want to convert almost any TV with an HDMI port into a Google TV? Xiaomi…
Sony has introduced the Sony WF-1000XM6 in Malaysia, its latest flagship truly wireless earbuds under…
More than a year after it was first previewed at the KL International Mobility Show…
This website uses cookies.