A 19-year-old security analyst from Germany claims to have been able to remotely hack into more than Tesla vehicles across 13 countries after discovering a software issue in Tesla’s system.
In tweets this week, David Colombo claimed that he could remotely access the vehicles and turn off Sentry Mode. This feature lets Tesla owners track suspicious activity, unlock doors and windows, and start the car without keys.
Colombo claimed he could query the driver’s location and determine whether they were in the vehicle. He also said that the list of things he could do was “pretty long.”
The teen was later quoted as saying that the vulnerability wasn’t caused by Tesla’s infrastructure but was “the owners’ of the company’s faults” and that he “needed to inform the owners,” but he did not disclose the specifics of the software flaw.
Although Colombo claimed he couldn’t control the cars’ steering, acceleration, or braking, he jokingly said it was possible to “remotely rick roll the affected owners by playing Rick Astley on YouTube in their Tesla’s.”
“Yes, I might open the doors and use these affected Teslas. However, I am not able to interfere in the driving of another (other than triggering music at a maximum intensity or flashing the lights), and I’m also not able to operate these Teslas remotely,” Colombo wrote on Twitter.
“I believe it’s hazardous if a person can remotely blast music to full blast or open doors or windows while you’re driving. Flashing the lights continuously could result in a (dangerous) impact upon other motorists,” Colombo said.
“That’s why I’d like to see this resolved before I share any details about the specifics of what this is all concerning,” he said, adding that he’d reached out to MITRE, an American non-profit organization that offers technical and engineering advice to all federal agencies.
The teen claimed that he had also been in contact with the affected Tesla owners. He did not offer photographs or videos to prove his claims.
In a Twitter update, Colombo said that he was communicating with Tesla’s Security Team, who had confirmed that they were looking into the incident and would inform the public. In addition, the MITRE Common Vulnerabilities Assignment team had also “reserved a CVE in the event of an incident,” he said.
Colombo and Tesla haven’t responded to requests for comment.
Tesla vehicles have faced various safety issues, including with their Autopilot features.
In August, the National Highway Traffic Safety Administration (NHTSA) launched an official investigation into Tesla’s Autopilot and Full Self-Driving (FSD) systems following more than 12 crashes involving emergency vehicles parked in the parking lot that caused one death and 17 injuries. On Aug. 31, the investigation was extended to cover another incident.
In October, Tesla pulled the latest version of its FSD beta software one day after its release because its internal quality assurance team discovered issues with some left-hand turns at traffic signals.
Tesla offers a vulnerability disclosure program that allows security experts to identify legitimate weaknesses in Tesla vehicles and receive a reward of up to $15,000 for an identified vulnerability.