A photo of the Tesla app's car controls.
Tesla

When it comes to electric vehicles, cyber threats are a growing concern. And while we’ve seen reports of hackers messing with Tesla vehicles in the past, recently, a teenager claims to have access to 25+ Teslas spanning more than ten different regions.

A 19-year old self-proclaimed IT specialist, David Colombo, added a lengthy thread on Twitter detailing his claims. The statements suggest he found a security flaw that allows for access to Tesla’s systems, where he then remotely can control several vehicles. However, Colombo was quick to confirm that this isn’t an issue with Tesla’s security system itself but rather a problem on the owner’s end.

The youngster goes on to say he’s able to unlock doors, roll down windows, access a car’s remote camera system, and even begin the early stages of keyless driving. That said, he cannot access driving mechanisms, like the throttle or steering, but he claims he can even discover the location of vehicles. It’s safe to say he won’t be summoning your Tesla Model S anytime soon, but it’s still a troubling discovery.

In another tweet, David Colombo said, “I think it’s pretty dangerous if someone is able to remotely blast music on full volume or open the windows/doors while you are on the highway.”

If there’s a silver lining, it’s that he’s only been able to do this on around 25 or so vehicles in select regions and by accessing an owner-side system, not Tesla’s infrastructure. Since the finding was first reported, Colombo mentioned that he’d informed Tesla’s security team, which is investigating.

We’ve since seen Tesla reset the security for several third-party apps, but the 19-year old suggests some of those apps are not related to the current situation.

Either way, hackers being able to access Tesla vehicles remotely is certainly a cause for concern, and we can expect more details or security upgrades in the future to address the situation. Tesla is quick when it comes to updates, so stay tuned. Unfortunately, Tesla doesn’t operate a press team, so we could not reach out for comments.

via Ars Technica




Source link