German teen claims he found a way to hack over 25 Tesla cars in 13 countries

By Alma Fabiani

Published Jan 15, 2022 at 08:57 AM

Reading time: 2 minutes

On Tuesday 11 January, 19-year-old David Colombo, a self-described “information technology security specialist and hacker,” wrote on Twitter that he had found flaws in a piece of third-party software used by a relatively small number of owners of Tesla cars, meaning that hackers could remotely control some of the vehicles’ functions.

According to Colombo, the flaws gave him the ability to unlock doors and windows, start the cars without keys and even disable their security systems. He also claimed that he could see if a driver is present in the car, turn on the vehicles’ stereo sound systems and flash their headlights.

In other words, hacking into the third-party software in question offered him the chance to control pretty much what he wants in most Tesla cars. Considering the fact that a Massachusetts Institute of Technology (MIT) study confirmed that Tesla’s autopilot is unsafe back in September 2021, this potential addition to the infamous cars’ list of dangers came as yet another blow to Elon Musk’s company.

In an interview with Bloomberg, Colombo provided screenshots and other documentation of his research that identified the maker of the software and gave more details on the vulnerabilities it presents. He asked that the publication not publish specifics however, because the affected company had not published a fix at the time of writing. On Twitter, Colombo added that he could access more than 25 Teslas in at least 13 countries, which is why he decided to share this information on the social media platform when he wasn’t able to contact most of the owners directly.

‘So what’s wrong exactly?’ some of you might be wondering. According to what Colombo told Bloomberg, “the problem involves an insecure way the software stores sensitive information that’s needed to link the cars to the program.” While it truly depends on who can access such information, in the wrong hands, it could be stolen and repurposed by hackers to send malicious commands to the cars, he continued to explain. He even showed Bloomberg screenshots of a private conversation he had on Twitter with one of the affected owners, who allowed him to remotely honk his car’s horn.

Since then, Colombo has been in touch with members of Tesla’s security team as well as with the maker of the third-party software. Tesla has a “bug bounty” programme where cybersecurity researchers can report vulnerabilities in the company’s products and, if validated, receive payment.

This latest discovery goes to show some of the remaining risks of moving to the so-called ‘Internet of Things’, where everything is connected online—thus becoming potentially vulnerable to hacking threats. “Just don’t connect critical stuff to the internet,” Colombo advised. “It’s very simple. And if you have to, then make sure it is set up securely.”

Keep On Reading

By Fatou Ferraro Mboup

UK medics told not to report illegal abortions to police due to women being wrongly prosecuted

By Fatou Ferraro Mboup

Florence Pugh reveals her mum got high with Snoop Dogg at the Oscars

By Charlie Sawyer

Real Legion from viral Who TF Did I Marry TikTok drama comes out with new response

By Fleurine Tideman

I’m still not over… 7 minutes in heaven

By Charlie Sawyer

M&S pulls Christmas advert post of burning hats after being called out by pro-Palestine supporters

By Fatou Ferraro Mboup

Woman miraculously comes back to life minutes before her own cremation

By Abby Amoakuh

Mother-daughter pole dancing class sparks uproar over concerns of child sexualisation

By Bianca Borissova

Explaining the absurdity of gatekeeping in TikTok’s viral Slavic Girl trend

By Abby Amoakuh

Neuralink’s human implant success sparks fear for the future of society

By Abby Amoakuh

Watch the first official trailer for Netflix’s new reality TV show, Squid Game: The Challenge

By Abby Amoakuh

The BDS movement and gen Z are boycotting Disney+, McDonald’s, and Starbucks. Here’s why

By Abby Amoakuh

21-year-old mistakes terminal cancer for normal back pain and dies within days

By Emma O'Regan-Reidy

It’s time we finally address the racist and problematic nature of Lululemon and its founder

By Fatou Ferraro Mboup

Two duvets, one love: How the Scandinavian sleep method transformed my nights

By Charlie Sawyer

Prime Minister Rishi Sunak sacks Home Secretary Suella Braverman as cabinet reshuffle begins

By Charlie Sawyer

Ron DeSantis’ obsession with the anti-woke agenda ruined his chances of becoming president

By Fleurine Tideman

PETA joins team Ariana against Tom Sandoval ahead of Vanderpump Rules season 11

By Charlie Sawyer

How did YouTuber Tana Mongeau become so rich? Stalker stories and messy relationships

By Fatou Ferraro Mboup

Miriam Margolyes angers adult Harry Potter fans after saying they need to grow up

By Abby Amoakuh

Who are the California Girls? Inside the women’s gang that stole $8 million in cosmetics and clothing