Hacking cars in the modern age may sound like something straight out a sci-fi movie but it turns out that smart cars have been targeted in brazen attacks according to cybersecurity research.
Perhaps the mental picture that you may be having about a would-be smart car hacker is that of a hooded threat actor lurking in a shadowy apartment tucked deep inside a run-of-the-mill residential area – but that cannot be further from the truth.
In a fresh twist, a 19-year-old cyber enthusiast has claimed that he managed to remotely hack into more than 25 Tesla cars operating across 13 different countries. The teen made the revelation in a series of social media posts that included claims that a software flaw in the Tesla units gave him an opening to the electric vehicle’s systems.
Identified as David Colombo, the self-proclaimed information technology guru was carrying out a security audit for a French firm when he made an accidental discovery; a software program on the company’s network which laid bare all the data about the Chief technology officer’s tesla vehicle.
What’s more, he found out that he could initiate commands remotely to tesla cars whose owners where using the program and published tweets describing how he exploited the software issue to remotely unlock doors and windows, start the cars without keys and shut their security systems (See screenshot below)
Figure 1: Screenshot of a Twitter thread about the teen's Tesla hacking exploits.
Further, the teen intimated that he is also able to detect driver presence within the cars, and go on to play around with the vehicle stereo sound systems and headlights.
In highlight, the teen did not provide clear information detailing the particular software vulnerability that provided him with the opportunity to gain access to the car systems, but pointed out that the flaw was not traceable to Tesla’s inherent software or makeup – he said, “It’s primarily the owners (& a third party) fault.”
Nonetheless, Colombo promised to provide more concrete details about the problem in a writeup and lauded Tesla for swinging into action to correct the flaw.
According to a Bloomberg article, Tesla has since turned down requests for comment although the teen was already contacted by a member of the firm’s security team to share findings as investigations commence.