The 19-year-old German security researcher who somehow managed to gain remote access to dozens of Teslas spread out around the globe has spilled the beans on how he did it.
In a Medium post, David Colombo provided an in-depth accounting and timeline of his earlier experiment, where he claimed he could remotely run commands (like adjusting a vehicle’s stereo volume, manipulating doors and windows, and even engaging Tesla’s “Keyless Driving” software), potentially without drivers ever knowing. Colombo revealed he was able to gain access to the vehicles through a security flaw in an open-source logging tool called TeslaMate. That tool lets Tesla owners track more granular data like their vehicle’s energy consumption and location history by using Tesla’s API. However, Colombo said he was able to repurpose a handful of Tesla’s API keys—which he said were stored unencrypted by TeslaMate—to run his own commands.
“You could run commands that annoy the shit out of the Tesla owner,” Colombo wrote, “And you could even steal the Tesla.” The write-up was part of Colombo’s official responsible disclosure report submitted to Tesla’s security team.
Colombo says he “found 25+ Tesla’s [sic] from 13 countries within hours.” The countries where the Tesla vehicles were located include “Germany, Belgium, Finland, Denmark, the UK, the US, Canada, Italy, Ireland, France, Austria and Switzerland,” he wrote, adding: “There were about at least an additional 30+ from China, but I really did not want to mess with China’s cyber security laws so I left them completely untouched.”
Since Tesla later revoked “thousands of keys,” Colombo said, it’s possible the issue was far more widespread than his research uncovered.
Though Colombo was able to manipulate a surprising number of the vehicle’s features, he doesn’t believe he would have been able to remotely move the vehicle or manipulate steering or brakes. Colombo said he reached out to both Tesla and TeslaMate and that fixes have been issued.
In his timeline of events, the researcher said he first noticed the vulnerability in a single vehicle back in October 2021 before finding it in 20 more early this month. Images on the blog post show detailed maps documenting the driving history of several of the affected vehicles with eerie precision. Colombo also included images of text message exchanges between himself and one of the affected Tesla owners. In that case, the owner gave Colombo permission to remotely trigger his car horn.
Colombo also provided some details on an additional flaw, this time in Tesla’s digital car key, that allowed him to obtain drivers’ email addresses. In an earnest effort to alert the previously affected drivers of the third-party flaw affecting their vehicles, Colombo said he stumbled upon a flaw that allowed him to query drivers’ email addresses. Though Colombo was searching specifically for the emails of owners of the affected vehicles, the software flaw could potentially be abused to find emails associated with other Tesla owners.
“At the beginning of the story I didn’t have any way to find owner-identifying information and now I can query email addresses even with revoked access,” Colombo wrote, “Kind of ironic!”
Colombo later clarified his findings in an interview with Bloomberg, saying the flaw was found in an API for Tesla’s digital car key. The researcher said he immediately notified Tesla’s security team about the email flaw and confirmed they had quickly rolled out a patch to address the issue.
“There should be no way at all that someone could literally walk up to some Teslas they do not own and take them for a drive,” Colombo wrote.
https://gizmodo.com/tesla-hacker-david-colombo-teslamate-tesla-api-keys-1848418767