The 19-year-old security researcher said the software flaw he exploited was not in Tesla's software or infrastructure.
By Bloomberg
Published On 12 Jan 2022
A 19-year-old security researcher claims to have hacked remotely into more than 25 Tesla Inc. cars in 13 countries, saying in a series of tweets that a software flaw allowed him to access the EV pioneer's systems.
David Colombo, a self-described information technology specialist, tweeted Tuesday that the software flaw allows him to unlock doors and windows, start the cars without keys and disable their security systems.
Colombo also claimed he can see if a driver is present in the car, turn on the vehicles' stereo sound systems and flash their headlights.
I consider it's quite hazardous, if anyone is able to remotely blast songs on full volume or open the windows/doors while you are on the highway.
Even flashing the lights non-stop can most likely have some (risky) effects on other drivers.
[4/X]
— David Colombo (@david_colombo_) January 11, 2022
The teen didn't reveal the exact details of the software vulnerability, but said it was not within Tesla's software or infrastructure, and added that only a small number of Tesla owners globally were affected. His Twitter thread elicited a strong response, with more than 800 retweets and over 6,000 likes.
"It's generally the owners (& a third party) fault," Colombo said in a response to questions from Bloomberg News. "This will be explained more in depth in my writeup. But happy to see Tesla taking action now."
A representative for Tesla in China declined to comment, while the carmaker's global press team did not respond to an email seeking comment outside of West Coast business hours.
Yes, I possibly could unlock the doors and start driving the affected Tesla's.
No I can not intervene with anyone driving (other than starting music at max volume or flashing lights) and I also can not drive these Tesla's remotely.
[7/7]
— David Colombo (@david_colombo_) January 11, 2022
According to one online report, U.S.-based Tesla has a vulnerability disclosure platform where security researchers can register their own vehicles for testing, which Tesla can pre-approve. The company pays up to $15,000 for a qualifying vulnerability.
Colombo later tweeted he has been in touch with Tesla's security team, and said they were investigating the issue. The team said they will come back to him with any updates, he said.
(Updates with Colombo response in fifth paragraph.)