Hacker, 19, Claims He Was Able to Remotely Access 25 Tesla Vehicles Worldwide Due to Software Flaw
A 19-year-old security researcher in Germany claims he was able to remotely hack into more than 25 Tesla vehicles in 13 countries after discovering a software flaw in the company’s systems.
In a series of posts on Twitter on Tuesday, David Colombo claimed that he had been able to remotely access the vehicles and disable Sentry Mode—a feature that allows Tesla owners to monitor suspicious activities—unlock doors and windows, and start the cars without keys.
Colombo also claimed that he could query the driver’s exact location and see if they were present in the car, adding that the list of things he could do was “pretty long.”
The teenager went on to state that the vulnerability was not due to Tesla’s infrastructure but that it was “the owners [sic] faults” and that he would “need to report this to the owners” but did not reveal the exact details of the software vulnerability.
While Colombo said he was not able to remotely control steering or acceleration and braking in the vehicles, he joked that he could “remotely rick roll the affected owners by playing Rick Astley on Youtube in their Tesla’s.”
“Yes, I potentially could unlock the doors and start driving the affected Tesla’s. No, I can not intervene with someone driving (other than starting music at max volume or flashing lights) and I also can not drive these Tesla’s remotely,” Colombo wrote on Twitter.
“I think it’s pretty dangerous if someone is able to remotely blast music on full volume or open the windows/doors while you are on the highway. Even flashing the lights non-stop can potentially have some (dangerous) impact on other drivers,” Colombo said.
“That’s why I would like to get this all fixed before I release any specific details regarding what exactly this all is about,” he said, adding that he had contacted MITRE, the American not-for-profit organization that provides engineering and technical guidance for the federal government.
The teenager said that he was also in contact with the affected Tesla vehicle owners. He did not provide photographic or video evidence to support his claims.
In an updated Twitter post, Colombo said that he had been in contact with Tesla’s Security Team, who had confirmed they were investigating the incident and would update him. The MITRE Common Vulnerabilities and Exposures Assignment Team had also “reserved a CVE for it,” he said.
Colombo and Tesla have not responded to a request for comment.
Tesla vehicles have encountered a number of safety issues, including with their autonomous driving features.
In August last year, the National Highway Traffic Safety Administration (NHTSA) opened a formal probe into Tesla’s Autopilot and full self-driving (FSD) systems following nearly a dozen crashes with parked emergency vehicles that left one person dead and injured 17 others. On Aug. 31, that investigation was expanded to cover a 12th incident.
In October, Tesla withdrew the latest version of its FSD beta software just one day after its release, when the company’s internal quality assurance found problems with some left turns at traffic lights.
Tesla has a vulnerability disclosure platform where security researchers can report legitimate vulnerabilities in Tesla vehicles and are rewarded with up to $15,000 for a qualifying vulnerability.
Katabella Roberts is a reporter currently based in Turkey. She covers news and business for The Epoch Times, focusing primarily on the United States.