Teen hacker finds bug that allows him to remotely control more than 25 Tesla

The downside to offering APIs for interacting with a car is that someone else's safety concern can become yours.
Enlarge / The downside to offering APIs for interacting with a car is that someone else’s safety concern can become yours.

Getty Images

A young hacker and computer security researcher found a way interact remotely with more than 25 Tesla electric vehicles in 13 countries, according to a Twitter thread he posted yesterday.

David Colombo explained in the thread that the flaw was “not a vulnerability in Tesla’s infrastructure. It’s the owner’s fault[sic]. ” He claimed to be able turn off a car’s remote camera system, unlock open doors and windows, and even start driving without a key. He could also determine the exact location of the car.

However, Colombo clarified that he couldn’t actually interact with the Tesla’s steering, throttle, or brakes, so at least we don’t have to worry about an army of remote-controlled electric vehicles doing a The fate of the furious reconstitution.

Colombo says it reported the issue to Tesla’s security team, which is investigating the matter.

On a related note, early Wednesday morning, a third-party Tesla app called TezLab reported seeing “The simultaneous expiration of several thousand Tesla authentication tokens on Tesla’s side”. The TezLab application uses Tesla APIs which allow apps to do things like connect to the car and activate or deactivate the anti-theft camera system, unlock doors, open windows, etc.


Please enter your comment!
Please enter your name here

Trending this Week