A 19-year-old man said he found flaws in third-party software used by a relatively small number of Tesla car owners. These vulnerabilities allow hackers to remotely control certain vehicle functions. David Colombo, who introduces himself as a computer security expert, said on Twitter on Tuesday that he was able to open doors, open and close windows, start the engine, manage infotainment, deactivate Sentry Mode, etc. He could also determine the exact position of each Tesla and whether someone was on board. He also claimed that he could turn on the audio or headlights, but was unable to drive the cars.
In an interview with Bloomberg, the young hacker provided screenshots and other documents related to his research, identifying the software maker and detailing the vulnerabilities. He asked the outlet not to release them, as neither Tesla nor the third-party software maker had released a fix yet. David Colombo revealed that he was able to reach over 25 Teslas in at least 13 countries. He turned to Twitter when he could not get in touch with most of the owners directly.
David Colombo highlights IoT vulnerability
The flaw apparently stems from the unsecured way in which the software stores the sensitive information needed to connect the cars to the program, David Colombo explained. In the wrong hands, this data can be stolen and reused by hackers to send malicious commands to vehicles, he said. He showed Bloomberg screenshots of a private Twitter conversation in which one of the affected owners gave him permission to sound the horn remotely. Although this may seem harmless, the young man points out that pushing the car radio's volume to the maximum could be dangerous, for example by startling a driver on the highway.
David Colombo said he was in contact with members of Tesla's security team, as well as with the maker of the third-party software. According to him, his discovery highlights some of the risks associated with the IoT (Internet of Things) and is a reminder that the security of Internet-connected objects and data remains essential. It is also a way for him to showcase his cybersecurity company, Colombo Tech.