3rd-party flaws allowed teen hacker to track location of Tesla cars

7 months ago 20

The security researcher made a startling revelation that he could access more than 25 Tesla vehicles in around 13 countries by exploiting the flaw.

A Germany-based teenager proclaimed in a tweet that he had identified security vulnerabilities in third-party software used in Tesla cars that allow him to take control of key functions of the car, such as unlocking windows/doors, starting the car, and disabling their security system.

Details of the Flaw

According to David Colombo (19), who claims to be an IT security specialist, he identified flaws in third-party software, which a small number of Tesla car owners use. The flaws allow hackers to take control of some of the car’s functions remotely.

Apart from controlling the car’s security system, windows/doors, Colombo stated in his tweet posted on Tuesday that he can identify if there’s someone present on the driving seat, flash the car’s headlights, disable Sentry mode, and turn on the stereo system.

Colombo noted that it is “pretty dangerous” if a remote hacker can turn the volume up and down or open the door or windows when the car is driven on the highway.

“I could also query the exact location, see if a driver is present, and so on. The list is pretty long. And yes, I also could remotely rickroll the affected owners by playing Rick Astley on Youtube in their Teslas…”

“Even flashing the lights non-stop can potentially have some (dangerous) impact on other drivers,” Colombo’s tweet read.

25 Teslas across 13 countries were accessable

Colombo made a startling revelation that he could access more than 25 Tesla vehicles in around 13 countries by exploiting the flaw.

19-year-old hacked Tesla cars through third-party software flawTweets from the hacker

“Nevertheless I now can remotely run commands on 25+ Teslas in 13 countries without the owners’ knowledge. Regarding what I‘m able to do with these Teslas now. This includes disabling Sentry Mode, opening the doors/windows, and even starting Keyless Driving…” Colombo’s tweet revealed.

However, he noted that he decided to post about the issue on Twitter only after he couldn’t contact most car owners directly. He shared screenshots and other proof of his research and has informed the automaker about the name of the software vendor as well as the vulnerabilities’ details. 

According to Colombo’s follow-up tweet, Tesla’s Security Team is informed about the issue and working to resolve it. Nevertheless, Colombo confirmed that he couldn’t interact with the steering, brakes, or throttle. He also clarified that the vulnerability wasn’t in Tesla’s infrastructure but was the owners’ fault.

More Tesla hacking and security news:

Sensitive user data found in Tesla car parts sold on eBay Tesla cars can be remotely hacked using a drone, WIFI dongle Researchers found another way to hack Tesla Model X Key Fob Russian hacker pleads guilty to planting malware in Tesla Gigafactory Musk confirms Russian hacker tried hiring Tesla worker for malware attack
Read Entire Article