Teen Hacker Finds Way to Control Teslas Remotely

Control Teslas Remotely

A 19-year-old hacker and IT security researcher from Germany has found something that highlights one of the risks of IoT tech. He discovered a flaw in open source software available for Tesla electric vehicles. This flaw allowed him, for more than 25 of the vehicles, to control Teslas remotely.

A Vulnerability in Third-Party Software

Before you park your Tesla for good, the teen explained the flaw isn’t within Tesla’s infrastructure. It also doesn’t allow someone to take over the car’s driving.

The teen, David Colombo, reported the issue to Tesla’s security team. Those engineers are investigating the issue, but it’s basically a misconfiguration of the open-source project called Teslamate.

Control Teslas Remotely Interior

The developer behind Teslamate describes it as a “self-hosted data logger for your Tesla”. It allows a Tesla owner to collect drive and charging reports, driving efficiency data, update history, visited addresses, and more.

When properly configured, Teslamate offers great metrics for owners of the electric vehicle. However, misconfiguring the software opened up authentication to many of the car’s controls for Colombo.

How the Hacker Could Control Teslas Remotely

Colombo confirmed he couldn’t take over steering, throttle, or brakes from the car’s owner. However, he could control Teslas remotely as far as disabling the remote camera system, unlocking the doors, opening the windows, and even determining the car’s exact location.

Potentially, Colombo says, he could unlock the doors and start driving a Tesla, if it wasn’t already being operated. He hasn’t tried that, and says he “can not intervene with someone driving (other than starting music at max volume or flashing lights”.

Colombo reported his discovery on Twitter, which promptly exploded with criticism both for and against Tesla. Despite numerous requests for more information, such as screenshots, of the exploit, the security researcher hasn’t provided those details.

He wants to see it fixed, first, which is a very responsible attitude to hold. Teslamate may have already released a patch that prevents the misconfiguration that made all this possible.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

WIN an iPhone 16 Pro Max!