25 Tesla cars in 13 countries hacked as a security warning by a 19-year-old enthusiast
With modern electric cars dubbed "computers on wheels," reports on successfully hacking them to take over control were only a matter of time. When those reports refer to the world's most valuable car company, Tesla, it becomes all the more interesting how the hacker has achieved access to an EV belonging to someone else. The issue then becomes even more troubling given the fact that the breach was achieved by a 19-year-old "IT Security Specialist & Hacker." David Colombo claims they managed to virtually break into 25 Tesla cars in 13 countries and gain control over some of their functions via a third-party vulnerability. What was he able to with the Teslas then?
Nevertheless I now can remotely run commands on 25+ Teslas in 13 countries without the owners knowledge. Regarding what I‘m able to do with these Teslas now. This includes disabling Sentry Mode, opening the doors/windows and even starting Keyless Driving...
I could also query the exact location, see if a driver is present and so on. The list is pretty long. And yes, I also could remotely rick roll the affected owners by playing Rick Astley on Youtube in their Teslas...
As already stated in some other replies, it is not „full remote control“ as in being able to remotely control steering or acceleration & braking... Yes, I potentially could unlock the doors and start driving the affected Teslas. No I can not intervene with someone driving (other than starting music at max volume or flashing lights) and I also can not drive these Teslas remotely.
He flagged the hack to Tesla's security team as there was no way to warn the people affected, and they are reportedly taking action, revoking tokens en masse, and looking into ways to avoid the issue in the future. It's worth noting that the Tesla access gained was not via some vulnerability in the car's core software, but rather third-party mods or hardware that people installed, so the issue is potentially affecting only a limited amount of Tesla drivers.
Keyless Driving no longer requires a password.https://t.co/E7IvtawUlb— David Colombo (@david_colombo_) January 13, 2022