A teenage hacker has claimed he managed to take over more than 20 Tesla vehicles in at least 10 different countries through a software vulnerability, having posted about the stunt on Twitter.
David Colombo, 19, said he gained ‘remote control’ of the cars, explaining that the vulnerability didn’t fall with Tesla, but with the owners instead.
Colombo, who is based in Germany and refers to himself as a ‘security specialist and hacker’, claimed he was able to run various commands without knowledge of the owners, including opening doors and windows, starting Keyless Driving and even ‘remotely rick roll the affected owners by playing Rick Astley on YouTube in their Teslas’.
He tweeted: “So, I now have full remote control of over 20 Tesla’s in 10 countries and there seems to be no way to find the owners and report it to them…”
In a thread, Colombo continued to explain what this meant for the people who owned the cars, saying: “This is not a vulnerability in Tesla‘s infrastructure. It's the owners faults. That's why I would need to report this to the owners as stated above.
“Nevertheless I now can remotely run commands on 25+ Tesla's in 13 countries without the owners’ knowledge.
“Regarding what I’m able to do with these Teslas now. This includes disabling Sentry Mode, opening the doors/windows and even starting Keyless Driving.
“I could also query the exact location, see if a driver is present and so on. The list is pretty long.
“And yes, I also could remotely rick roll the affected owners by playing Rick Astley on YouTube in their Teslas.”
Colombo added: “I think it’s pretty dangerous, if someone is able to remotely blast music on full volume or open the windows/doors while you are on the highway. Even flashing the lights non-stop can potentially have some (dangerous) impact on other drivers."
He said this was the reason why he ‘would like to get this all fixed’ before releasing any specific details about how he managed to obtain control, and that his next steps included ‘coordinating disclosure to affected owners with Tesla’.
Colombo also clarified he had not gained ‘full remote control’ as previously stated, as he would be unable to ‘intervene with someone driving (other than starting music at max volume or flashing lights’.
“I also cannot drive these Teslas remotely,” he said.
Later in the thread, Colombo shared an update to say that Tesla’s security team had confirmed ‘they’re investigating’ and would get back to him with more information as soon as they had it.
LADbible has contacted Tesla for comment.
Topics: Technology, World News, Tesla
Jess Hardiman