A 19-year-old hacker claims to have been able to open the doors and windows of over 25 Tesla vehicles in 13 countries, as well as turn on their radios, flash their headlights, and even start their motors and begin “keyless driving.”
David Colombo, who claims to be an IT expert based in Germany, also claims to have been able to disable the vehicles’ anti-theft systems and determine whether or not a driver is present.
In a Monday tweet, Colombo claimed to have “complete remote control” of the Tesla’s, but he later clarified that he was never able to “remotely manage steering, acceleration, or brakes.”
He wrote, “Yes, I could potentially unlock the doors and start driving the afflicted Tesla’s.” “I can’t intervene with someone driving (apart from cranking up the music or flashing lights), and I can’t operate these Tesla’s remotely.”
Colombo tweeted on Tuesday that his breach was “not a vulnerability in Tesla’s system,” but rather “the flaws of the owners.” “There appears to be no way to find the owners and report it to them,” he tweeted on Monday.
So, I now have full remote control of over 20 Tesla’s in 10 countries and there seems to be no way to find the owners and report it to them…
Colombo said on Tuesday that he had been contacted by Tesla officials who are looking into the matter.
Tesla has been contacted by The Washington Post for comment.
Colombo’s tweet went viral, garnering over 6,600 reactions, 1,300 shares, and nearly 300 replies.
Colombo claims he was able to lock and unlock doors, open windows, and disable the anti-theft system remotely, davidcolombo/Twitter
Colombo is a cybersecurity expert, according to his LinkedIn page. He claims to have “written my first piece of code at the age of ten,” and his company’s mission is to “assist any organization in becoming protected from the ever-evolving and deadly threat actors in the cyberspace.”
Elon Musk, the CEO of Tesla, promised last fall that he would work with regulators to ensure that the personal data of electric car drivers is protected from hackers.
“Data security of automobiles is generating more public worries than ever before, thanks to the rapid rise of autonomous driving technology,” he said by remote hook-up at an electric vehicle conference in China.
There will be an estimated 470 million vehicles connected to a computerized database by 2025, making them prime targets for cybercriminals.
According to Tech Monitor, the automobile cybersecurity business is predicted to be worth $4 billion by the same year.
On Twitter, Colombo claimed to have disabled Sentry Mode, an anti-theft feature in which a built-in camera acts as a de facto alarm system.
When an alert is received, cameras in the area of the vehicle begin recording. Through a mobile app, the film is subsequently sent to the vehicle’s owner.
“The hack, according to Colombo, was caused by owners’ mistakes rather than any vulnerability in Tesla’s infrastructure.”
Colombo later tweeted that he had spoken with Tesla’s security staff and that they were looking into the matter. He was told that the team would contact him with any updates.