Teen hacker finds bug that allows remote control of dozens of Tesla electric cars

Tram Ho

A young hacker and IT security researcher has found a way to remotely interact with more than 25 Tesla electric vehicles in 13 countries, according to a Twitter thread he posted today.

However, hacker David Colombo explained in his post that the vulnerability “is not a hole in Tesla’s infrastructure. It’s the owner’s fault.”

Hacker tuổi teen tìm thấy lỗi cho phép điều khiển hàng chục xe điện Tesla từ xa - Ảnh 1.

Specifically, he claims to be able to remotely disable a car’s camera system, unlock doors and open windows, and even start driving without a key. He was also able to determine the exact location of the vehicle.

However, Colombo explained that he couldn’t really interact with any of Tesla’s steering, throttle or braking systems. So at least we don’t have to worry about an army of remote-controlled trams roaming the streets.

Colombo said he reported the issue to Tesla’s security team, and they are investigating the matter.

Not long ago, a third-party Tesla app called TezLab reported that it had seen “the simultaneous expiration of thousands of Tesla vehicle validation tokens from the Tesla side.” TezLab’s app uses Tesla APIs, allowing apps to do things like log in to the vehicle and turn on or off the anti-theft camera system, unlock doors, open windows, and more.

Hacker tuổi teen tìm thấy lỗi cho phép điều khiển hàng chục xe điện Tesla từ xa - Ảnh 2.

The incident immediately aroused skepticism, especially from those who are not sympathetic to electric cars.

“I prefer my computer without wheels. And I want my car not to connect to the internet.”

“It’s really hard to see how this is the end user’s fault. unless it involves weak passwords.”

“From the statement ‘it’s the owner’s fault, not the Tesla flaw’, this is the concept of ‘hacking’ in the sense of using someone’s key left under the rug to open the ‘door lock’.

Tesla has an api. The user who wants to use the api will generate a key. Users share the key with the apps or services they want to communicate with Tesla. If the key is left in an unsafe place, someone can access the api as they are.”

“I disagree, while there is clearly shared responsibility for anything, the potential disaster of many remote-controlled vehicles means that manufacturers need to take more responsibility to ensure these situations are very difficult to achieve.”

“I get a little annoyed at the thought of trusting another app with something like Tesla. I hardly trust the manufacturer let alone 3rd party.”

“Is it possible to have a Tesla that is not connected to the internet? I disconnected the cellular antenna from my car (not a Tesla) so it didn’t work.”

Refer to arstechnica

Share the news now

Source : Genk