Facepalm: This week, a teenager reported that he has gained remote access to around two dozen Tesla cars in multiple countries and is trying to contact their owners. The list of things he can do to the affected vehicles is long and dangerous.
Nineteen-year-old IT security specialist David Columbo reported in a Twitter thread Monday and Tuesday that he gained complete control of over 25 Teslas in 13 countries without their owners knowing. He doesn’t want to disclose exactly how he did it until he reports the vulnerability to the non-profit Mitre. However, Columbo did say it was due to errors on the owners’ part, not a security flaw in Tesla’s software.
So, I now have full remote control of over 20 Tesla’s in 10 countries and there seems to be no way to find the owners and report it to them…— David Colombo (@david_colombo_) January 10, 2022
Columbo said he could search the precise location of each car, disable their security, open their doors and windows even while they’re on the road, play music and YouTube videos at full volume, and more. While Columbo can’t remotely drive the cars, he could steal them if he were at their physical locations. Tesla’s security team has already told Columbo they’re looking into it.
Even though Columbo says this isn't Tesla's fault, it could still be a PR issue for the company, painting the cars as ever more vulnerable in consumers' minds. Near the end of last year, Tesla recalled a significant number of vehicles sold in the US over trunk lid problems. This incident could also affect the development of Tesla's self-driving mode, which is still in beta.