A 19-year-old claims to have hacked into more than 25 Tesla cars in 13 countries, saying in a series of tweets that a software flaw allowed him to access the EV pioneer’s systems.
David Colombo, a self-described information technology specialist, tweeted Tuesday that the software flaw allows him to unlock doors and windows, start the cars without keys and disable their security systems. Colombo noted that he could not drive the cars remotely.
Colombo also claimed he can see if a driver is present in the car:
<p>From what has been said by Colombo both in the original posts to social media and within interviews, it sounds like this might have been a vulnerability in Tesla\’s mobile companion app or the related API.</p>
<p>Many of the commands and functions he mentions line up with the mobile app\’s features and capabilities; honking the horn, flashing the lights, unlocking the door, etc. This could explain how he\’s able to perform certain commands on vehicles without being able to say, drive it around like a toy RC car, or having to be within a certain range; the app/API doesn\’t support that level of control.</p>
<p>If he\’s found a way to exploit the app/API, or to login as the customer, then he\’s essentially tricking Tesla\’s backend servers that he\’s the legitimate owner and they\’ll carry out any app-allowable command just the same as they would normally. That said, it\’s hard to say this with any certainty until we have more concrete information, but it\’ll be interesting to watch it unfold.</p>