David Colombo, a 19-year-old cybersecurity researcher, accidentally came across a vulnerability that allowed him to control a dozen Tesla cars, Vice reported. Digging deeper, he found hundreds of cars in Germany, Belgium, Finland, Denmark, the UK, the U.S., Canada, and China that were at risk from this vulnerability.
Colombo has been coding since he was 10 years old and attends school only two days a week, spending the rest of his time consulting for firms on cybersecurity issues and honing his skills. During one such audit at a French firm, Colombo found that a software program on the network exposed data about the chief technology officer’s Tesla vehicle, including its current as well as historic location, Bloomberg reported.
The software program is not owned by Tesla but by a third party whose details are currently under wraps to give the concerned organization sufficient time to fix the issue. When Colombo accessed the vulnerability, he was able to push commands such as disabling security features, opening and closing doors, and turning up the music to cars in different parts of the world.
In all, Colombo found 25 Tesla vehicles that were vulnerable to an attack and even contacted three Tesla owners, one each in Germany, the U.S., and Ireland, using the personal information the car owners had shared with their cars. One of the owners helped him confirm his findings after Colombo could remotely blow the Tesla’s horn, Bloomberg reported.
Upon deeper analysis, Colombo found that the vulnerability could affect hundreds of cars and decided to publicly disclose this information since he could not find the contact details of these car owners. Although the vulnerability doesn’t give the hacker access to the car’s steering, acceleration or braking functions, Colombo thinks it is still significant enough to cause harm if the hacker has malicious intent.
Colombo has stressed that the flaw is not with Tesla’s systems and that he is working with the makers of the third-party app, which only some Tesla owners use, to fix the issues.
This isn’t the first time a security flaw has been found in a Tesla car. Earlier, a software vulnerability allowed a hacker to turn off a moving Tesla’s engine. In 2019, Tesla offered cybersecurity researchers a Model 3 if they could hack into its car.
We have reached out to Tesla for a comment and shall update the story when a response is received.