Facial palm: This week, a teenager reported that he had been granted remote access to around two dozen Tesla cars in several countries and was trying to contact their owners. The list of things it can do to affected vehicles is long and dangerous.
Nineteen-year-old David Columbo, IT security specialist reported in a Twitter thread Monday and Tuesday that he took full control of more than 25 Teslas in 13 countries without the knowledge of their owners. He doesn’t want to reveal exactly how he did it until he reports the vulnerability to the nonprofit Miter. However, Columbo said this was due to errors on the part of the owners, and not a security breach in Tesla’s software.
So I now have full remote control of over 20 Tesla in 10 countries and it seems like there is no way to find the owners and report it to them …
-David Colombo (@david_colombo_) January 10, 2022
Columbo said it can find the precise location of each car, turn off their security, open their doors and windows even when they’re on the road, play music and YouTube videos at full volume, and more. While Columbo cannot remotely drive the cars, he could steal them if he was in their physical locations. Tesla’s security team has previously told Columbo that they are investigating the matter.
Even though Columbo says it’s not Tesla’s fault, it could still be a PR problem for the company, portraying cars as increasingly vulnerable in the minds of consumers. Late last year, Tesla recalled a significant number of vehicles sold in the United States due to trunk lid issues. This incident could also affect the development of Tesla’s autonomous driving mode, which is still in beta.