David Colombo explained in the thread that the flaw was “not a vulnerability in Tesla’s infrastructure. It’s the owner’s fault[sic]. ” He claimed to be able turn off a car’s remote camera system, unlock open doors and windows, and even start driving without a key. He could also determine the exact location of the car.
However, Colombo clarified that he couldn’t actually interact with the Tesla’s steering, throttle, or brakes, so at least we don’t have to worry about an army of remote-controlled electric vehicles doing a The fate of the furious reconstitution.
Colombo says it reported the issue to Tesla’s security team, which is investigating the matter.
On a related note, early Wednesday morning, a third-party Tesla app called TezLab reported seeing “The simultaneous expiration of several thousand Tesla authentication tokens on Tesla’s side”. The TezLab application uses Tesla APIs which allow apps to do things like connect to the car and activate or deactivate the anti-theft camera system, unlock doors, open windows, etc.