Teen hacker gains remote control of over 20 Teslas

Daniel Sims

Posts: 404   +17
Staff
Facepalm: This week, a teenager reported that he has gained remote access to around two dozen Tesla cars in multiple countries and is trying to contact their owners. The list of things he can do to the affected vehicles is long and dangerous.

Nineteen-year-old IT security specialist David Columbo reported in a Twitter thread Monday and Tuesday that he gained complete control of over 25 Teslas in 13 countries without their owners knowing. He doesn’t want to disclose exactly how he did it until he reports the vulnerability to the non-profit Mitre. However, Columbo did say it was due to errors on the owners’ part, not a security flaw in Tesla’s software.

Columbo said he could search the precise location of each car, disable their security, open their doors and windows even while they’re on the road, play music and YouTube videos at full volume, and more. While Columbo can’t remotely drive the cars, he could steal them if he were at their physical locations. Tesla’s security team has already told Columbo they’re looking into it.

Even though Columbo says this isn't Tesla's fault, it could still be a PR issue for the company, painting the cars as ever more vulnerable in consumers' minds. Near the end of last year, Tesla recalled a significant number of vehicles sold in the US over trunk lid problems. This incident could also affect the development of Tesla's self-driving mode, which is still in beta.

Permalink to story.

 

scavengerspc

Posts: 2,375   +2,516
TechSpot Elite
Time for me to be inflammatory again but the kind of person that buys a Tesla seems to me to also be the exact kind of person who sets his password as "password" without giving it a second thought and then buys and NFT monkey.
I can agree with that. You aren't going to see many failures buying either.
 

YouShallNotPass

Posts: 27   +63
If he can play custom YouTube on the car, he obviously can contact the owner by video. He is either not very smart or just trying to get famous by going public.
 

Morphine Child

Posts: 122   +208
Soon we will have cars with day one patches, DLCs and whatnot. And a few teen hackers remotely driving their annoying and rich grandparents into a river with locked doors... oh the possibilities.
 

JamesBlond

Posts: 171   +120
I take it nobody thinks its a plan...... why is there law against creating 2048bit encryption apps and hardware combo's ...?? Maybe because if its too hard for the FBI to hack your car its not good for them..???
 

ChrisH1

Posts: 190   +90
Time for me to be inflammatory again but the kind of person that buys a Tesla seems to me to also be the exact kind of person who sets his password as "password" without giving it a second thought and then buys and NFT monkey.
A generalization. I bought a Tesla, and have never set my password to 'password' or anything like it (I.e. easy to guess) in my entire life.
 

Theinsanegamer

Posts: 3,323   +5,518
See...this is why I love my 30 year old truck. Cant hack a computer if it doesnt exist (or in my case, uses a 6 it cut down 8086).
Time for me to be inflammatory again but the kind of person that buys a Tesla seems to me to also be the exact kind of person who sets his password as "password" without giving it a second thought and then buys and NFT monkey.
I imagine the people who buy most teslas are the same ones that buy the newest, highest end iphone every year and subsribe to every streaming service rather then buy something they want.

model 3s are cheap enough though you see people who only buy the newest, highest end iphone every 2 years.
 

Dr Roboto

Posts: 17   +32
This is why you don't integrate infotainment with any vehicle controls. Vehicle controls needs to be isolated from all other systems.
The hacker states that it not the fault of Telsa. I have to disagree. Why on earth would a person need to remotely access a lot of these features from the internet? Seriously, the security of a Telsa does not seem to be any stronger then the same password you use to login into TechSpot. You know the same passwords that people make too obvious (123456, etc.) or are stolen on a daily basis from company security breaches.

IMO, Telsa is so focused on being a cutting edge, game changing company that sometimes they just fail at basic common sense. A lot of times it works for them, but sometimes you have to look at it this way: "Just because you can, doesn't mean you should."

Now get off my lawn ;)
 

netman

Posts: 755   +317
This could be disastrous for Musk...! If the car parts are to blame, ALL the Teslas in the World need to be recalled...!