David Colomb, a young 19-year-old cybersecurity specialist, announced on Twitter that he had found a loophole in Tesla’s infrastructure. By exploiting the latter, he managed to hack 25 of them, in more than ten different countries. He can thus control them remotely, for example by activating the headlights or the radio.
While many believe Tesla revolutionized the auto industry, Elon Musk’s firm did so at the cost of safety. By offering its infotainment system, the latter opened the way for hackers to a whole different category of hacking. Indeed, like any other electronic system, vehicles are subject to security breaches, some of which are very risky. This is how it was, for a time, possible to steal a Model X in just 90 seconds, or even access certain confidential data via Powerall batteries.
A young self-proclaimed cybersecurity specialist has raised the bar to a whole new level. On Twitter, David Colombo claims to have currently full control over 25 Tesla cars, located in 13 different countries. He can thus, from a distance, “Deactivate Sentinel mode, open the doors and windows and even start the car without the keys”. To do this, he detected a flaw in the firmware of the vehicles, without giving further details.
At just 19, he controls 25 Tesla remotely
Indeed, David Colombo specifies that he does not want to expose the method used before Tesla solves the problem, in order not to give ideas to malicious individuals. “This is why I would like everything to be settled before I publish specific details on what exactly this is about”, he writes. We can understand it. This flaw seems to give him significant power over cars, further allowing him turn on the headlights and use the speakers.
On the same subject: Tesla mobilizes its fans to have the right to sell more cars in New York
“I think it’s pretty dangerous if someone is able to remotely play music at full volume or open windows / doors while you’re on the freeway. Even flashing the lights continuously can potentially have a (dangerous) impact on other drivers. “ Yesterday, Tesla responded to his requests and finally corrected the vulnerability.