19-year-old German security researcher somehow managed to gain remote access to dozens of Tesla scattered around the world and spilled beans on how he did it.
Medium Position, David Colombo provided a detailed description and timeline of previous experiments. He claimed that he could potentially perform commands remotely, such as adjusting the vehicle’s stereo volume, manipulating doors and windows, and even manipulating Tesla’s “keyless driving” tools, without a driver. I know so far. Colombo has revealed that vehicles can be accessed through a security flaw in an open-source logging tool called TeslaMate. With this tool, Tesla owners can leverage Tesla’s API to monitor more detailed data such as vehicle energy consumption and location history. However, Colombo said he could reuse some of Tesla’s API keys to store them unencrypted by Teslamate and execute his own commands.
“You can run commands that bother the shit of Tesla owners, and you can even steal Tesla,” Colombo wrote. This article was part of Colombo’s official and responsible disclosure report submitted to Tesla’s security team.RELATED
Colombo says, “I found more than 25 Tesla.” [sic] Within hours from 13 countries. Countries, where Tesla vehicles are installed, include “Germany, Belgium, Finland, Denmark, United Kingdom, United States, Canada, Italy, Ireland, France, Austria, Switzerland”. I’m a Chinese over 30 years old, but I didn’t want to mess with Chinese cybersecurity laws, so I left them completely untouched. “
Since Tesla later revoked the “thousands of keys,” Colombo said the issue could have been far more extensive than his research revealed.
Colombo was able to manipulate the shocking amount of car features, but he does not believe he was able to move the car remotely or control the steering and brakes. Colombo contacted both Tesla and Tesla Mate and stated that an amendment had been issued.
Researchers said on the event timeline that they first noticed a single-vehicle vulnerability in October 2021 and then discovered a vulnerability in another 20 vehicles earlier this month. The image in the blog post shows a detailed map of the driving history of some of the affected vehicles with eerily accurate accuracy. Colombo also contained images of text message exchanges between himself and one of the affected Tesla owners. In that case, the owner gave Colombo permission to remotely trigger his car’s horn.
Colombo also provided details about additional flaws that allow Tesla’s digital khakis to get the driver’s email address, this time around. Colombo said he encountered a flaw that allowed him to query the driver’s email address in a serious effort to warn previously affected drivers of third-party flaws affecting the vehicle. Colombo was specifically searching for emails from affected vehicle owners, but a software flaw could be exploited to find emails related to other Tesla owners. ..
“At the beginning of the story, there was no way to find information that could identify the owner. Now you can query your email address even if access has been revoked,” Colombo wrote. “It’s ironic.”
Colombo later discovered him interview Bloomberg says the flaw was found in Tesla’s digital car key API. The researchers said they immediately notified Tesla’s security team about the flaw in the email and confirmed that they had immediately released a patch to address the issue.
“There shouldn’t be any way anyone could literally walk to a Tesla that they don’t own and take them to a drive,” Colombo wrote.