
Oh Boy you're riding around in a Remote Control Car......not being controlled by you😳

Ice Age

A 19-year-old security researcher in Germany claims he was able to remotely hack into more than 25 Tesla vehicles in 13 countries after discovering a software flaw in the company’s systems.

In a series on Twitter on Tuesday, David Colombo claimed that he had been able to remotely access the vehicles and disable Sentry Mode—a feature that allows Tesla owners to monitor suspicious activities—unlock doors and windows, and start the cars without keys.

Colombo also claimed that he could query the driver’s exact location and see if they were present in the car, adding that the list of things he could do was “pretty long.”

The teenager went on to state that the vulnerability was not due to Tesla’s infrastructure but that it was “the owners [sic] faults” and that he would “need to report this to the owners” but did not reveal the exact details of the software vulnerability.

While Colombo said he was not able to remotely control steering or acceleration and braking in the vehicles, he joked that he could “remotely rick roll the affected owners by playing Rick Astley on Youtube in their Tesla’s.”

“Yes, I potentially could unlock the doors and start driving the affected Tesla’s. No, I can not intervene with someone driving (other than starting music at max volume or flashing lights) and I also can not drive these Tesla’s remotely,” Colombo wrote on Twitter.

“I think it’s pretty dangerous if someone is able to remotely blast music on full volume or open the windows/doors while you are on the highway. Even flashing the lights non-stop can potentially have some (dangerous) impact on other drivers,” Colombo said.

“That’s why I would like to get this all fixed before I release any specific details regarding what exactly this all is about,” he said, adding that he had contacted MITRE, the American not-for-profit organization that provides engineering and technical guidance for the federal government.

The teenager said that he was also in contact with the affected Tesla vehicle owners. He did not provide photographic or video evidence to support his claims.

In an updated Twitter post, Colombo said that he had been in contact with Tesla’s Security Team who had confirmed they were investigating the incident and would update him. The MITRE Common Vulnerabilities and Exposures Assignment Team had also “reserved a CVE for it,” he said.

Colombo and Tesla have not responded to a request for comment.

Tesla vehicles have encountered a number of safety issues including with their autonomous driving features.

In August last year, the National Highway Traffic Safety Administration (NHTSA) opened a formal probe into Tesla’s Autopilot and full self-driving (FSD) systems following nearly a dozen crashes with parked emergency vehicles that left one person dead and injured 17 others. On Aug. 31, that investigation was expanded to cover a 12th incident (pdf).

In October, Tesla withdrew the latest version of its FSD beta software just one day after it was released after the company’s internal quality assurance found problems with some left turns at traffic lights.

Tesla has a vulnerability disclosure platform where security researchers can report legitimate vulnerabilities in Tesla vehicles and are rewarded with up to $15,000 for a qualifying vulnerability.

 

Draughon

Guarantee it's some sort of standard "default" password that drivers neglect to change once they have taken delivery.

SOOO many points of presence out there with "Default" and "12345" as passwords.

Hopefully Elon hires him as a top engineer.
 

Scape Goat

I have worked for Tesla for 8 years. I don't believe a word of this.
 
 

