Teen Claims To Have Pwned Tesla Cars In 13 Countries

A 19-year-old claims to have hacked into more than 25 Tesla cars in 13 countries, saying in a series of tweets that a software flaw allowed him to access the EV pioneer’s systems.

David Colombo, a self-described information technology specialist, tweeted Tuesday that the software flaw allows him to unlock doors and windows, start the cars without keys and disable their security systems. Colombo noted that he could not drive the cars remotely.

Media reports can be found here and here.

Tesla hasn’t responded to this yet. But if this is true, this is a serious problem for Tesla. And it reminds me of a similar situation with GM’s OnStar, where a method was devised to do something similar to OnStar-equipped cars, which was dubbed “OwnStar”.

Morgan Whitlow, Sr. Security Researcher, www.grimm-co.com had this commentary:

“From what has been said by Colombo both in the original posts to social media and within interviews, it sounds like this might have been a vulnerability in Tesla’s mobile companion app or the related API. 

Many of the commands and functions he mentions line up with the mobile app’s features and capabilities: honking the horn, flashing the lights, unlocking the door, etc. This could explain how he’s able to perform certain commands on vehicles without being able to, say, drive it around like a toy RC car, or having to be within a certain range; the app/API doesn’t support that level of control.

If he’s found a way to exploit the app/API, or to log in as the customer, then he’s essentially tricking Tesla’s backend servers into believing that he’s the legitimate owner and they’ll carry out any app-allowable command just the same as they would normally. That said, it’s hard to say this with any certainty until we have more concrete information, but it’ll be interesting to watch it unfold.”

I’ll be watching this very closely as this is something that Tesla will have to respond to very quickly in order to keep their owners safe and confident about their rather expensive electric vehicles. Watch this space.
