Teen Claims To Have Pwned Tesla Cars In 13 Countries

A 19-year-old claims to have hacked into more than 25 Tesla cars in 13 countries, saying in a series of tweets that a software flaw allowed him to access the EV pioneer’s systems.

David Colombo, a self-described information technology specialist, tweeted Tuesday that the software flaw allows him to unlock doors and windows, start the cars without keys and disable their security systems. Colombo noted that he could not drive the cars remotely.

Media reports can be found here and here.

Tesla hasn’t responded to this yet. But if this is true, this is a serious problem for Tesla. And it reminds me of a similar situation with GM’s OnStar, where a method was devised to do something similar to OnStar-equipped cars, which was dubbed “OwnStar”.

Morgan Whitlow, Sr. Security Researcher, www.grimm-co.com had this commentary:

“From what has been said by Colombo both in the original posts to social media and within interviews, it sounds like this might have been a vulnerability in Tesla’s mobile companion app or the related API. 

Many of the commands and functions he mentions line up with the mobile app’s features and capabilities: honking the horn, flashing the lights, unlocking the door, etc. This could explain how he’s able to perform certain commands on vehicles without being able to, say, drive it around like a toy RC car, or having to be within a certain range; the app/API doesn’t support that level of control.

If he’s found a way to exploit the app/API, or to log in as the customer, then he’s essentially tricking Tesla’s backend servers into believing that he’s the legitimate owner and they’ll carry out any app-allowable command just the same as they would normally. That said, it’s hard to say this with any certainty until we have more concrete information, but it’ll be interesting to watch it unfold.”

I’ll be watching this very closely as this is something that Tesla will have to respond to very quickly in order to keep their owners safe and confident about their rather expensive electric vehicles. Watch this space.
