Alamy
A teenage hacker has claimed he has full control of more than 20 Teslas in 10 different countries.
As cars get more technologically sophisticated, the need to protect them from more advanced threats becomes clearer.
David Colombo, a teenager in Germany, took to Twitter to claim that he has managed to hack into Tesla cars all over the world and control them to such an extent that he can unlock their doors or allow the vehicle to be driven without a key.
So, I now have full remote control of over 20 Tesla’s in 10 countries and there seems to be no way to find the owners and report it to them…
— David Colombo (@david_colombo_) January 10, 2022
Someone being able to take over your car is meant to be the stuff of science fiction and horror movies, though Colombo stressed that the fault that allowed him to hack into the cars was not due to Tesla itself.
Instead the flaw seems to lie with a piece of third-party software that only a handful of Tesla owners use, which could allow hackers to control all sorts of functions of their cars.
Colombo can determine exactly where the cars are, open their doors and windows, switch on the headlights and even play music through the speakers, Daily Star reports.
I could also query the exact location, see if a driver is present and so on. The list is pretty long.
And yes, I also could remotely rick roll the affected owners by playing Rick Astley on Youtube in their Tesla‘s
[3/X]
— David Colombo (@david_colombo_) January 11, 2022
A talented hacker without malice might use this to Rick-roll their victim, as Colombo suggested he could do, but there are more sinister applications of this information as the teenager can also tell whether someone is in the car and switch off Sentry Mode, a Tesla security system that can record an attempted break-in.
Colombo warned that the ability to mess with the car remotely posed a danger to the driver and other motorists, as the sudden blasting of music could distract them while the flickering of headlights could dazzle other drivers.
It could also leave the cars vulnerable to theft if someone wanted to unlock the doors and activate keyless driving, thus allowing them to get into the car and drive it away.
That‘s why I would like to get this all fixed before I release any specific details regarding what exactly this all is about.
Next steps:– Waiting for MITRE‘s reply regarding a CVE– Preparing my Writeup– Coordinating disclosure to affected owners with Tesla
[5/5]
— David Colombo (@david_colombo_) January 11, 2022
Fortunately, one thing a maliciously-minded hacker could not do is hijack the car and drive it remotely or take control of the vehicle while someone else was at the wheel.
Colombo has contacted Tesla and the developer of the third-party software in question to inform them of the potential issue.
The teenager’s actions appear to be an example of ‘ethical hacking’, where someone attempts to break into a computer system to see what flaws may be present in the code.
If you have a story you want to tell, send it to UNILAD via story@unilad.com
Read more: unilad.co.uk