Teen Hacker Finds Bug That Lets Him Control 25 Tesla Cars In 13 Countries
David Colombo explained on Twitter how he was able to capitalise on what he referred to as "the owner's faults" and "not a vulnerability in Tesla's infrastructure" thereby making it important for him to "report this to the owners" of the vehicles
If you think self-driving electric vehicles are completely foolproof and safe, a teen hacker's recent exploits may prove you wrong.
A young hacker and IT security researcher was able to remotely control at least 25 Tesla electric cars spread out in 13 countries, he revealed in a Twitter thread on Wednesday.
So, I now have full remote control of over 20 Tesla¡¯s in 10 countries and there seems to be no way to find the owners and report it to them¡
¡ª David Colombo (@david_colombo_) January 10, 2022
David Colombo explained on Twitter how he was able to capitalise on what he referred to as "the owner's faults" and "not a vulnerability in Tesla's infrastructure" thereby making it important for him to "report this to the owners" of the vehicles.
"So, I now have full remote control of over 20 Tesla¡¯s in 10 countries and there seems to be no way to find the owners and report it to them," David Colombo wrote on Twitter.
Since these important facts seem to drown between other comments, I¡®ll add them here again ?
¡ª David Colombo (@david_colombo_) January 11, 2022
This is not a vulnerability in Tesla¡®s infrastructure. It¡®s the owners faults. That¡®s why I would need to report this to the owners as stated above.
[1/X]
Colombo was able to disable an electric vehicle's remote camera system, unlock its doors, and open windows. As if that weren't enough, Colombo was also able to begin keyless driving in addition to determining the vehicle's exact location.
Nevertheless I now can remotely run commands on 25+ Tesla¡®s in 13 countries without the owners knowledge.
¡ª David Colombo (@david_colombo_) January 11, 2022
Regarding what I¡®m able to do with these Tesla¡®s now.
This includes disabling Sentry Mode, opening the doors/windows and even starting Keyless Driving.
[2/X]
"Nevertheless I now can remotely run commands on 25+ Tesla¡®s in 13 countries without the owners knowledge," he wrote, while adding that he was also able to control music in the cars - "I also could remotely rick roll the affected owners by playing Rick Astley on Youtube in their Teslas."
I could also query the exact location, see if a driver is present and so on. The list is pretty long.
¡ª David Colombo (@david_colombo_) January 11, 2022
And yes, I also could remotely rick roll the affected owners by playing Rick Astley on Youtube in their Tesla¡®s?
[3/X]
I think it¡®s pretty dangerous, if someone is able to remotely blast music on full volume or open the windows/doors while you are on the highway.
¡ª David Colombo (@david_colombo_) January 11, 2022
Even flashing the lights non-stop can potentially have some (dangerous) impact on other drivers.
[4/X]
Even then, Colombo wasn't able to steer or direct any of the Teslas. With no access to Teslas' steering, throttle, or braking capability, the hacker was simply able to break into the car but not control it. He could, in practice, drive "the affected Teslas" but cannot "intervene with someone driving (other than starting music at max volume or flashing lights." He also added that he cannot "drive these Teslas remotely."
That¡®s why I would like to get this all fixed before I release any specific details regarding what exactly this all is about.
¡ª David Colombo (@david_colombo_) January 11, 2022
Next steps:
- Waiting for MITRE¡®s reply regarding a CVE
- Preparing my Writeup
- Coordinating disclosure to affected owners with Tesla
[5/5]
Since then, Colombo has reported the matter to Tesla's security team, who seem to be investigating the issue.
Addition as of 11. Jan 22:33 (CET)
¡ª David Colombo (@david_colombo_) January 11, 2022
Tesla¡®s Security Team just confirmed to me they¡¯re investigating and will get back to me with updates as soon as they have them.
[8/8]
What do you think about this hacker's little experiment on Tesla vehicles? Let us know in the comments below. For more in the world of technology and science, keep reading Indiatimes.com.