A teen hacker explained how he gained access to all Tesla models across the world.
Despite how scary it is, the hacker clarified that he cannot move the car or controlled the steering or brakes remotely.
Teen Hacker Explains How He Gained Access To All Tesla Models
Gizmodo reported that a 19-year-old German security researcher who figured out how to acquire remote access to dozens of Teslas all across the world has revealed his method.
In a Medium post, David Colombo explained the details and timeline of a previous experiment in which he claimed to be able to remotely execute commands without the drivers' knowledge.
The said command includes adjusting a vehicle's stereo volume, manipulating doors and windows, and even engaging Tesla's "Keyless Driving" tool.
Colombo said that he gained access to the vehicles by exploiting a security hole in TeslaMate, an open-source logging application.
Using Tesla's API, this program allows Tesla owners to track more detailed information, such as their vehicle's energy use and location history.
The teen hacker also claimed to have been able to reprogram a few of Tesla's API Keys, which he said TeslaMate had left unencrypted to perform his own instructions.
Colombo also revealed details about a second vulnerability, this time in Tesla's digital car key, which allowed him to get drivers' email addresses.
He further said he ran across a flaw that enabled him to access a drivers' email addresses in an earnest effort to warn the previously impacted drivers of the third-party problem impacting their vehicles.
He also claimed to have "discovered 25+ Tesla's [sic] from 13 countries within hours," including Germany, Belgium, Finland, Denmark, the United Kingdom, the United States, Canada, Italy, Ireland, France, Austria, and Switzerland.
Apart from these countries, he also added that there were probably another 30 or so from China, but he did not want to jeopardize China's cyber security rules.
Despite the fact that Colombo was able to control a surprising number of the car systems, he does not believe he could have moved the car or controlled the steering or brakes remotely.
To fix this issue, he contacted both Tesla and TeslaMate, and that patches have been delivered.
Can Tesla EVs Be Hacked?
As electric vehicles and semi-automated vehicles become more common, cybersecurity risks are becoming more prevalent.
Simiral to the teen hacker, Wired reported through The Next Web that researcher at KU Leuven Lennert Wouters "stole" a Tesla Model X in 90 seconds.
Having found a security vulnerability in its keyless entry system, he only spent $300 in computer hardware pieces, including a Tesla body control module from eBay, and some coding.
Moreover, a new study led by University of Georgia experts discovered that automated electric automobiles are far more vulnerable to hacking than regular internal combustion engine vehicles.
In addition to this, The Next Web stated four reasons why electronic vehicles (EVs) are hacked.
To further emphasize the said reasons, EVs powertrain is made up of a number of complicated and integrated cyber-physical systems that must be constantly monitored and controlled.
Additionally, the adaptive cruise control and auto-assist functions are examples of technologies that are part of a networked infrastructure that can be controlled by third parties.
Aside from the two reasons, it is worth noting that the increased connectedness of vehicles through charging points and smart grids is the same.
Similarly, their improved infotainment systems enable them to expose themselves to greater quantities of exposure.