Expert Comment: Teen Claims To Have Hacked Dozens Of Teslas Worldwide

A 19-year-old claims to have hacked into more than 25 Tesla cars in 13 countries, saying in a series of tweets that a software flaw allowed him to access the EV pioneer’s systems.

David Colombo, a self-described information technology specialist, tweeted Tuesday that the software flaw allows him to unlock doors and windows, start the cars without keys and disable their security systems. Colombo noted that he could not drive the cars remotely.

Colombo also claimed he can see if a driver is present in the car:

https://www.seattletimes.com/business/teen-claims-to-have-hacked-dozens-of-teslas-worldwide/

https://www.bloomberg.com/news/articles/2022-01-12/teen-hacker-claims-to-have-taken-control-of-25-teslas-worldwide

Morgan Whitlow, Sr. Security Researcher
InfoSec Expert
January 14, 2022 9:38 pm

From what has been said by Colombo both in the original posts to social media and within interviews, it sounds like this might have been a vulnerability in Tesla’s mobile companion app or the related API.

Many of the commands and functions he mentions line up with the mobile app’s features and capabilities; honking the horn, flashing the lights, unlocking the door, etc. This could explain how he’s able to perform certain commands on vehicles without being able to say, drive it around like a toy RC car, or having to be within a certain range; the app/API doesn’t support that level of control.

If he’s found a way to exploit the app/API, or to log in as the customer, then he’s essentially tricking Tesla’s backend servers that he’s the legitimate owner and they’ll carry out any app-allowable command just the same as they would normally. That said, it’s hard to say this with any certainty until we have more concrete information, but it’ll be interesting to watch it unfold.

Last edited 8 months ago by Morgan Whitlow