Nineteen year-old IT security specialist and hacker, David Colombo from Germany, who wants to start his own cybersecurity startup and change the world, says he found a vulnerability that gives him full control of Tesla cars. He recently tweeted that he has ‘full remote control’ of over two dozen Teslas located in thirteen different countries.
He does stress in his posts that he used API keys and third party software to gain access to the vehicles, but he didn’t do it through a vulnerability in Tesla’s software infrastructure. He explains that the owners are actually to blame for the vulnerability, not Tesla, although in other posts from January 11, David explains that he doesn’t have actual control over the vehicles’ steering or acceleration, but he says this is still a dangerous situation
Regarding what I‘m able to do with these Tesla‘s now. This includes disabling Sentry Mode, opening the doors/windows and even starting Keyless Driving.
I could also query the exact location, see if a driver is present and so on. The list is pretty long. And yes, I also could remotely rick roll the affected owners by playing Rick Astley on YouTube in their Teslas.
I think it‘s pretty dangerous, if someone is able to remotely blast music on full volume or open the windows/doors while you are on the highway. Even flashing the lights non-stop can potentially have some (dangerous) impact on other drivers.
Earlier today, he did confirm that Tesla had contacted him and the automaker’s security team was investigating the issue. David says he never had any foul intentions, and his constant posts on the matter, answering questions do confirm it, but now we have to wait and see what Tesla says about this and how it intends to prevent this from happening in the future, regardless of what owners do.