The 19-year-old tweeted that he discovered a software flaw that allows him to “disable Sentry Mode, open the doors/windows and even start Keyless Driving.”
An independent security researcher claims he has hacked two dozen Tesla vehicles worldwide and can remotely run commands to control the cars.
Over the last several years, Tesla has invested in cybersecurity and worked with security researchers to mitigate cyberpunks from hacking into their cars.
However, David Colombo, a 19-year-old security researcher, tweeted Monday that he discovered a software flaw that allows him to “disable Sentry Mode, open the doors/windows and even start Keyless Driving.”
So, I now have full remote control of over 20 Tesla’s in 10 countries and there seems to be no way to find the owners and report it to them…
— David Colombo (@david_colombo_) January 10, 2022
Colombo said he could even “query the exact location, see if a driver is present and so on.”
“I think it’s pretty dangerous if someone is able to remotely blast music on full volume or open the windows/doors while you are on the highway. Even flashing the lights non-stop can potentially have some (dangerous) impact on other drivers,” he went on to say.
Colombo’s tweet about the hack has gone viral with more than 6k likes and 1.2k retweets. The teenager didn’t reveal details about the software vulnerability but said he was preparing to release a report on the issue.
He noted his control over the electric cars was not “full remote control,” which means he couldn’t remotely control steering or acceleration and braking.
On Tuesday, Colombo said Tesla’s Security Team is “investigating and will get back to me with updates as soon as they have them.”
Tesla has offered a bug bounty program of $1 million and a free car to security researchers who can hack the Model 3. There was no word on what model Colombo was able to exploit.
Bug hunting incentives have made Tesla stress test and improve its security systems.
One of the most fascinating hacks happened a few years ago when a drone remotely hacked a Tesla car.