On Monday, Jan. 10, David Colombo, a self-described IT security expert and hacker, made a successful attempt to hack his way into Tesla.
The hack was carried out by the young hacker from Germany, who claimed to have taken partial control of over 20 Tesla vehicles in 13 countries around the world.
So, I now have full remote control of over 20 Tesla’s in 10 countries and there seems to be no way to find the owners and report it to them…
— David Colombo (@david_colombo_) January 10, 2022
On Twitter, the 19-year-old hacker claimed that he could disable the sentry mode protection on these electric vehicles, open windows and doors, control music and vehicle lighting, and start keyless driving remotely.
The vulnerability was reported on Twitter by Colombo himself, who stated that the issue does not lie with the Elon Musk-founded company, but rather with Tesla owners.
According to reports, the hole was discovered in third-party software, allowing Colombo to open doors and windows, start automobiles without keys, and disable security systems.
He further stated that the flaw allowed him to eavesdrop on the driver using Tesla’s internal cameras.
It is not a weakness in Tesla’s system, but rather caused by the Tesla owners and a third party, Colombo told DailyMail.com, indicating that third-party software is to blame.
He then stated that he is in close communication with the Tesla Product Security Team serving as a third-party service provider to coordinate disclosure, get the affected owners informed, and have a patch for the vulnerability rolled out.
The problem lies in how the system stores the Tesla owner’s data that is needed to link the cars to the software.
Prize Money for Tesla Hacking
Colombo then expressed his apologies for the inconvenience he caused.
I apologize for the inconvenience 😅 https://t.co/H7ZmalGvtB
— David Colombo (@david_colombo_) January 12, 2022
According to Silicon Republic, Tesla’s security team has verified that they are examining the vulnerability, and MITRE’s Common Vulnerabilities and Exposures (CVE) security team has “reserved a CVE” for this vulnerability.
TezLab, the Tesla EV companion app, said on Twitter on Wednesday, Jan. 12, that thousands of authentication tokens expired at the same time, requiring many TezLab users to check in again to re-establish a connection to their vehicles.
Tesla has a bug bounty program through Bugcrowd; for a qualifying vulnerability, the corporation will pay up to $15,000.
This is a vulnerability disclosure site where security researchers can report suspected product and service flaws.
As reported by the New York Post, the hacker later clarified and altered the statement, saying he was never able to take over the cars to control braking, steering, or acceleration.
He also said in the following tweets that he is capable of potentially unlocking the doors and starting to drive the affected Teslas, but he can’t interfere with someone driving, apart from cranking up the music or flashing lights.
He also claimed that he can’t operate these Teslas remotely.
The viral Twitter thread has garnered over 6,600 reactions, 1,300 shares, and nearly 300 replies.
David Colombo is a cybersecurity expert, according to his LinkedIn account.
He claims that he wrote his first piece of code at the age of ten, and that the goal of his organization is to assist any business in becoming protected from threat actors in cyberspace.