Teen Gains Full control over car doors, security system, and more
Facepalm: This week, a teenager reported that he has gained remote access to around two dozen Tesla cars in multiple countries and is trying to contact their owners. The list of things he can do to the affected vehicles is long and dangerous.
Nineteen-year-old IT security specialist David Columbo reported in a Twitter thread Monday and Tuesday 10th-11th Jan 2022, that he gained complete control of over 25 Teslas in 13 countries without their owners knowing. He doesn’t want to disclose exactly how he did it until he reports the vulnerability to the non-profit Mitre. However, Columbo did say it was due to errors on the owners’ part, not a security flaw in Tesla’s software.
Columbo said he could search the precise location of each car, disable their security, open their doors and windows even while they’re on the road, play music and YouTube videos at full volume, and more. While Columbo can’t remotely drive the cars, he could steal them if he were at their physical locations.
Tesla’s security team has already told Columbo they’re looking into it.
Even though Columbo says this isn’t Tesla’s fault, it could still be a PR issue for the company, painting the cars as ever more vulnerable in consumers’ minds. Near the end of last year, Tesla recalled a significant number of vehicles sold in the US over trunk lid problems. This incident could also affect the development of Tesla’s self-driving mode, which is still in beta.
Real InfoSecurity reached out to Tesla this evening and was able to confirm the correspondence between the security researcher and Tesla.
We think you may enjoy reading,