A teenage hacker by the name of David Colombo claims to have gained remote control of more than 25 Tesla vehicles located in 13 different countries.
As Ars Technica reports, the 19-year-old Colombo posted a Twitter thread explaining how he can trigger a range of actions remotely, but there’s a twist to this story. He didn’t manage to hack Tesla’s security to take control; in fact, there is no security vulnerability in play here. Colombo states “it’s the owners faults” that he has managed to gain access to their cars.
Because there is no vulnerability, Colombo decided to try and tell the owners directly, but he has no way of finding them. He’s also not willing to publicly disclose how vehicle control was achieved for understandable reasons. The functionality he managed to unlock includes “disabling Sentry Mode, opening the doors/windows and even starting Keyless Driving.” The hack doesn’t allow Colombo to control the steering, acceleration, or braking, but the “list is pretty long” of what’s possible.
For now, Colombo is talking to the not-for-profit organization MITRE regarding how to go about reporting the hack as a CVE, but he’s also preparing a detailed account for public consumption as well as continuing to try and figure out how to tell the vehicle owners (with the help of Tesla). Tesla’s security team is also investigating the hack and has told Colombo it will be in touch soon.
In a follow-up tweet, Colombo references several thousand Tesla authentication tokens expiring, which was apparently triggered by his hack report to Tesla. It means users of third-party Tesla app TezLab will be forced to sign into the app again in order to re-establish the link with their Tesla.