A 19-year-old German security researcher claims to have been able to remotely hack more than 25 Tesla vehicles in 13 countries after discovering a software flaw in the company’s system.
and Twitter series On Tuesday, David Colombo can remotely access the vehicle, disable Sentry mode (a feature that allows Tesla owners to monitor suspicious activity), unlock doors and windows, and start the car without a key. Insisted.
Colombo also claimed that he could query the exact location of the driver and see if he was in the car, adding that the list of things he could do was “quite long.”
A teenager said the vulnerability was not due to Tesla’s infrastructure, but was the “owner.” [sic] “Failure,” he said, “we need to report this to the owner,” but did not provide the exact details of the software vulnerability.
Colombo said he couldn’t remotely control the steering, acceleration and braking of the vehicle, but “playing Rick Astley on Tesla’s YouTube allows you to remotely rickroll affected owners.” Joke.
“Yes, you may be able to unlock the door and start driving the affected Tesla. No, you can’t intervene in the driver (start music at maximum volume or light) You can’t even drive these Tesla remotely, “Colombo wrote on Twitter.
“I think it would be pretty dangerous if someone could remotely blow full volume music or open windows or doors while on the freeway. Even blinking the lights non-stop would be other It can have a (dangerous) impact on the driver, “Colombo said.
“That’s why I want to fix it all before I give you specific details about what this is,” he said, contacting MITER, an American nonprofit that provides engineering and technical guidance. I added. For the federal government.
The teenager said he was also in contact with the affected Tesla vehicle owners. He did not provide photographic or video evidence to support his claim.
In an updated Twitter post, Colombo said he would update him by contacting Tesla’s security team, who confirmed that he was investigating the incident. The MITER Common Vulnerabilities and Exposures assignment team also “booked CVE,” he said.
Colombo and Tesla are not responding to requests for comment.
Tesla vehicles face many safety issues, including self-driving capabilities.
Last August, the National Highway Traffic Safety Administration (NHTSA) announced that Tesla’s self-driving system and fully autonomous driving after nearly 12 collisions by parked emergency vehicles killed one and injured 17 others. (FSD) We have started a formal investigation of the system. On August 31, the investigation was extended to cover the twelfth case (pdf).
Tesla withdrew in October, just one day after releasing the latest version of the FSD beta software. This is because our in-house quality assurance found a problem with the left turn of the traffic light.
For Tesla Vulnerability disclosure platform Security researchers can report legitimate vulnerabilities in Tesla vehicles and are rewarded with up to $ 15,000 for eligible vulnerabilities.