Security researcher reveals how they hacked Tesla vehicles
A security researcher has hacked several Tesla cars after security bugs in the vehicles were discovered. The researcher, David Columbo, posted tweets earlier this month saying that they had accessed cars around the globe. Now, Columbo has revealed how they remotely broke into the vehicles.
The cars were accessed through security bugs in TeslaMate, third-party software which enables you to access hidden data, such as a log of your vehicle's fuel consumption and other driving statistics. The tool uses the Tesla API to retrieve this data tied to the car and its owner.
Some TeslaMate web dashboards were accessible to Columbo through flaws such as default passwords which users often left unchanged and the ability for accounts to be accessed anonymously. These weaknesses allowed Columbo to collect several Tesla vehicle's API keys, which they could use to control the cars remotely.
The vulnerabilities allowed the researcher to access 25 Tesla cars in 13 countries, including Model Y and Model 3 vehicles. The hack meant that they could use features like unlocking the doors, starting keyless driving and honking the horn.
Columbo says that the issue has now been resolved through the latest update to TeslaMate. Tesla has also said that all affected users should have received an email notifying them of the security flaw. The company has also revoked thousands of keys that may have been exposed.
While the issues Columbo discovered were not in the Tesla infrastructure itself, they believe that Tesla needs to improve its security further. They plan to continue their research, stating,
Automotive security is a very important topic, especially as other automakers, such as VW, join in digitizing their fleets.