A 19-year-old has recently proven that he can hack into dozens of Tesla vehicles through flaws in a piece of third-party software.
Indeed, David Colombo, who is based in Germany, shared on Twitter that the flaws allowed him to remotely control some of the vehicles’ functions such as unlocking doors and windows, starting the cars without keys, and even disabling the security systems. Colombo stated that he had access to more than 25 Teslas in at least 13 countries.
The flaw comes from a vulnerability in the way the software stores sensitive information that is needed to link the cars to the program. This information could be stolen and exploited by hackers to get access to the cars. The specifications of the flaw were not released yet as the organization has still to fix the issue. This thus highlights the risks of moving to the Internet of Things (IoT) where everything is connected online and becomes vulnerable.
Tesla offers a ‘bug bounty’ program that allows cybersecurity researchers to report vulnerabilities and receive payment in exchange. Colombo stated he hasn’t been in touch with members of Tesla’s security team or the maker of the third-party software.