Teenager says he remotely hacked into greater than 25 Teslas | Automotive Business Information
The 19-year outdated safety researcher mentioned the software program flaw he exploited was not inside Tesla’s software program or infrastructure.
By Bloomberg
Revealed On 12 Jan 2022
A 19-year-old safety researcher claims to have hacked remotely into greater than 25 Tesla Inc. vehicles in 13 international locations, saying in a collection of tweets {that a} software program flaw allowed him to entry the EV pioneer’s techniques.
David Colombo, a self-described data expertise specialist, tweeted Tuesday that the software program flaw permits him to unlock doorways and home windows, begin the vehicles with out keys and disable their safety techniques.
Colombo additionally claimed he can see if a driver is current within the automobile, activate the autos’ stereo sound techniques and flash their headlights.
I feel it‘s fairly harmful, if somebody is ready to remotely blast music on full quantity or open the home windows/doorways if you are on the freeway.
Even flashing the lights continuous can probably have some (harmful) impression on different drivers.
[4/X]
— David Colombo (@david_colombo_) January 11, 2022
{The teenager} didn’t reveal the precise particulars of the software program vulnerability, however mentioned it wasn’t inside Tesla’s software program or infrastructure, and added that solely a small variety of Tesla homeowners globally have been affected. His Twitter thread elicited a sturdy response, with greater than 800 retweets and over 6,000 likes.
“It’s primarily the homeowners (& a 3rd occasion) fault,” Colombo mentioned in a response to questions from Bloomberg Information. “This will likely be described extra intimately in my writeup. However glad to see Tesla taking motion now.”
A consultant for Tesla in China declined to remark, whereas the carmaker’s world press workforce didn’t reply to an electronic mail searching for remark exterior of West Coast enterprise hours.
Sure, I probably might unlock the doorways and begin driving the affected Tesla‘s.
No I cannot intervene with somebody driving (aside from beginning music at max quantity or flashing lights) and I additionally cannot drive these Tesla‘s remotely.
[7/7]
— David Colombo (@david_colombo_) January 11, 2022
In keeping with one on-line report, U.S.-based Tesla has a vulnerability disclosure platform the place safety researchers can register their very own autos for testing, which Tesla can pre-approve. The corporate pays as much as $15,000 for a qualifying vulnerability.
Colombo later tweeted he has been in contact with Tesla’s safety workforce, and mentioned they have been investigating the problem. The workforce mentioned they may come again to him with any updates, he mentioned.
(Updates with Colombo response in fifth paragraph.)
