Security researcher took remote control of 25 Teslas in 13 countries


New Delhi, Jan 25 (IANS): In what could put Tesla drivers at high security risk, a security researcher took remote control of at least 25 Tesla cars in 13 countries without the owners knowledge.

He could disable Sentry Mode, open the doors/windows and even start Keyless Driving. This was "pretty dangerous, if someone is able to remotely blast music at full volume or open the windows/doors while you are on the highway".

The Germany-based security researcher that goes by the name of David Colombo, said in a tweet thread that he was able to remotely access dozens of Teslas around the world because of security bugs found in an open source logging software called 'TeslaMate'.

TeslaMate is a free-to-download logging software used by car owners to connect to their vehicles and access their cars' data.

This tool exposed Tesla cars directly to the Internet.

"This is not a vulnerability in Tesla's infrastructure. It's the owners' faults," Colombo said.

"Nevertheless I now can remotely run commands on 25+ Teslas in 13 countries without the owners' knowledge," he added.

"I could also query the exact location, see if a driver is present and so on. The list is pretty long," he mentioned.

"Even flashing the lights non-stop can potentially have some (dangerous) impact on other drivers," he continued.

Tesla's security team later told the security researcher they were investigating the matter.

The bug has now been fixed but this raises grave questions about what if such tools are hacked by state-sponsored cyber criminals.

It is even possible to extract the Tesla users' API key from the exposed dashboard, allowing a hacker to retain access to Teslas without the owners' knowledge.

 

  

Top Stories


Leave a Comment

Title: Security researcher took remote control of 25 Teslas in 13 countries



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.