German teen claims he found a way to hack over 25 Tesla cars in 13 countries

By Alma Fabiani

Published Jan 15, 2022 at 08:57 AM

Reading time: 2 minutes

26396

On Tuesday 11 January, 19-year-old David Colombo, a self-described “information technology security specialist and hacker,” wrote on Twitter that he had found flaws in a piece of third-party software used by a relatively small number of owners of Tesla cars, meaning that hackers could remotely control some of the vehicles’ functions.

According to Colombo, the flaws gave him the ability to unlock doors and windows, start the cars without keys and even disable their security systems. He also claimed that he could see if a driver is present in the car, turn on the vehicles’ stereo sound systems and flash their headlights.

In other words, hacking into the third-party software in question offered him the chance to control pretty much what he wants in most Tesla cars. Considering the fact that a Massachusetts Institute of Technology (MIT) study confirmed that Tesla’s autopilot is unsafe back in September 2021, this potential addition to the infamous cars’ list of dangers came as yet another blow to Elon Musk’s company.

In an interview with Bloomberg, Colombo provided screenshots and other documentation of his research that identified the maker of the software and gave more details on the vulnerabilities it presents. He asked that the publication not publish specifics however, because the affected company had not published a fix at the time of writing. On Twitter, Colombo added that he could access more than 25 Teslas in at least 13 countries, which is why he decided to share this information on the social media platform when he wasn’t able to contact most of the owners directly.

‘So what’s wrong exactly?’ some of you might be wondering. According to what Colombo told Bloomberg, “the problem involves an insecure way the software stores sensitive information that’s needed to link the cars to the program.” While it truly depends on who can access such information, in the wrong hands, it could be stolen and repurposed by hackers to send malicious commands to the cars, he continued to explain. He even showed Bloomberg screenshots of a private conversation he had on Twitter with one of the affected owners, who allowed him to remotely honk his car’s horn.

Since then, Colombo has been in touch with members of Tesla’s security team as well as with the maker of the third-party software. Tesla has a “bug bounty” programme where cybersecurity researchers can report vulnerabilities in the company’s products and, if validated, receive payment.

This latest discovery goes to show some of the remaining risks of moving to the so-called ‘Internet of Things’, where everything is connected online—thus becoming potentially vulnerable to hacking threats. “Just don’t connect critical stuff to the internet,” Colombo advised. “It’s very simple. And if you have to, then make sure it is set up securely.”

Keep On Reading

By Eliza Frost

Why isn’t Sylvanian Drama posting on TikTok? Here’s the legal tea

By Alma Fabiani

The disturbing TikTok trend sexualising fake Down syndrome faces using AI filters

By Abby Amoakuh

Campaigners call for gamers who carry out virtual rape in the metaverse to be charged as real-life sex offenders

By Eliza Frost

Sabrina Carpenter says you need to get out more if you think Man’s Best Friend artwork is controversial 

By Eliza Frost

The Summer I Turned Pretty’s Chris Briney is at the centre of a new love triangle, but this time for an audio erotica story 

By Charlie Sawyer

First look at $1 billion UK mini city where controversial HBO Harry Potter series will be filmed

By Charlie Sawyer

How influencer Liv Schmidt promotes toxic eating habits through the Skinni Société 

By Abby Amoakuh

Harry Potter reboot hit with racist backlash for casting Black actor Paapa Essiedu as Severus Snape

By Charlie Sawyer

Harry Potter star defends Tom Felton over his controversial comments on JK Rowling’s transphobia

By Eliza Frost

Couples who meet online are less happy in love, new research finds

By Abby Amoakuh

From dinner parties to grocery flexing: Inside Gen Z’s new language of luxury

By Fatou Ferraro Mboup

Is Tate McRae a secret Trump supporter? Fans react to viral speculation

By Charlie Sawyer

Gen Zers are taking out travel insurance policies for their Labubus ahead of summer

By Eliza Frost

Controversial American Apparel owner just opened LA Apparel in NYC and TikTok girlies are flocking to shop

By Abby Amoakuh

BLACKPINK’s Lisa faces backlash after wearing civil rights icon Rosa Parks on her crotch at Met Gala

By Charlie Sawyer

Brooklyn Beckham and Nicola Peltz Beckham hire a lawyer to battle misinformation amid growing family rift

By Eliza Frost

All the Easter eggs from the first episodes of The Summer I Turned Pretty season 3

By Charlie Sawyer

From breaking up families to spreading rumours about Joe Biden’s death, here’s what QAnons been up to

By Eliza Frost

What is Shrekking? The latest toxic dating trend explained 

By Charlie Sawyer

Call Her Daddy host Alex Cooper accuses former soccer coach of sexual harassment in new docuseries