Hacker claims he has control of more than two dozen Teslas around the world [Update]

A teen hacker from Germany claims that he has gained access to and control some functions on more than two dozen Tesla vehicles around the world.

The access was not gained because of a vulnerability in Tesla’s infrastructure, but rather due to the owners’ use of third party services and API keys.

In a thread on Twitter, 19 year old David Colombo (@david_colombo_) says he can remotely run commands on more than 25 Teslas in 13 countries around the world.

With access to these cars, Colombo says he can disable Sentry Mode, unlock the doors, open the windows, and start the car with remote keyless driving, all without the owner’s knowledge.

He can also see the car’s exact location. In a discussion with Drive Tesla, Colombo confirmed at least one of the affected cars is in Kitchener, Ontario.

Fortunately the hacker says he has no intentions of using his new powers for evil, but instead wants to contact the owners to let them know to better secure their accounts.

Unfortunately he hasn’t been able to figure out a way to do this yet, but has already submitted his concerns MITRE’s CVE program, which works to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.

UPDATE 9:42am PST: Colombo has confirmed with us that he is now coordinating with Tesla’s Product Security Team to notify the affected owners.

While Colombo was obviously unable to share the specifics with Drive Tesla, one obvious way in which you can better secure your account is to use Multi-Factor Authentication (MFA).

Tesla released this long overdue feature last year, adding an extra layer of security to your account. You can read more about MFA here.

Editors note: this article has been updated to clarify the vulnerability is due to the use of third-party services and API tokens.

https://twitter.com/david_colombo_/status/1480851134705291266

https://twitter.com/david_colombo_/status/1480852490748940294

Are you buying a Tesla? If you enjoy our content and we helped in your decision, use our referral link to get a three month trial of Full Self-Driving (FSD).
Previous Article

University of Waterloo launches incentive for departments to switch to EVs

Next Article

BCI Marine to install Aqua superPower fast-charging points throughout Canada

You might be interested in …