In the era of digitalization, it seems to be increasingly necessary for companies to have cyber security on their side and billionaire Elon Musk knows it. It is that a 19-year-old security researcher said he was able to hack more than 25 vehicles from Tesla, the firm founded by the South African tycoon, Tesla.
On Monday, a German teenager named David Colombo blogged explaining how he was able to remotely hack into cars through security bugs in TeslaMate, a popular open source logging tool that tracks anything from Tesla power consumption to location history, as reported by the news portal Business Insider.
The young man had first disclosed news of the vulnerability on Twitter in early January, but waited to fully detail the issue until the bugs were fixed, the post said.
Colombo remotely accessed multiple Tesla functions, including unlocking doors and windows, starting keyless driving, viewing the car’s location and whether the driver was present. However, he stated that he does not believe it is possible to move the vehicle remotely.
Colombo said he was able to remotely access multiple Tesla functions, including unlocking doors and windows, and starting keyless drives. The teen also claimed he could turn on the stereo or honk the horn, as well as see the location of the car and whether the driver was present. However, he stated that he does not believe it is possible to move the vehicle remotely.
“There should be no way someone can literally walk up to some Teslas they don’t own and take them for a spin.Colombo said on his blog on Medium.
“I also think it could potentially lead to some dangerous situations on the road. For example, if someone with remote access starts playing loud music while the driver is on the road, or remotely and uncontrollably flashes the headlights of Teslas at night.
Colombo explained that the security issue revolved around how TeslaMate it stored sensitive information that was needed to link the program to the car. The young researcher explained that information, including the car’s API key, could be reused to remotely send commands to exposed Teslas and allow hackers to retain long-term access to cars without the driver’s knowledge.
The teen said he first became aware of the vulnerability in a Tesla in October and was able to contact the owner. It found more than 20 more vulnerable Teslas in January, but had difficulty contacting the owners.
In his efforts to alert Tesla owners to the problem, Colombo also found a flaw in the automaker’s software for its digital key that allowed him to learn the Tesla owner’s email address.
After privately reporting the problems to TeslaMate, as well as the Tesla security team, the third-party tool pushed a software fix and the Tesla security team revoked all tokens affected access and notified the owners.
TeslaMate and a Tesla spokesman did not respond to a request for comment from BI, but TeslaMate he told TechCrunch that the company sent the update within hours of receiving the email from Colombo.
It should be noted that the German security researcher is not the first to hack a Tesla. Last year, two researchers demonstrated how a drone could launch an attack over Wi-Fi and open the doors of a Tesla. In 2020, another researcher managed to hack a Tesla’s keyless entry system in 90 seconds by spoofing the signal.