Tesla hacked by a third-party software

Abdul Ghani

A security gap in third-party software makes it possible to control a number of functions in the affected Tesla vehicles.

Tesla (Can be hacked by a third party software)Screen Post From Pexels

19-year-old security researcher David Colombo warns of a security hole in third-party software that can be used to hack Tesla vehicles. This means that functions such as unlocking doors and windows or deactivating the security system (Sentry Mode) can be controlled remotely. It should also be possible to start a vehicle without a key.

In this way, Colombo wants to be able to access 25 Teslas in 13 countries. Unable to contact most of the Tesla owners directly, he posted a warning on Twitter. He showed Bloomberg magazine screenshots of a conversation with a Tesla owner who allowed him to remotely honk his Tesla.

Apparently, the not mentioned third-party software is used by a relatively small part of Tesla owners, correspondingly few are specifically affected by the security gap. However, it shows how dangerous it can be to extend the Internet of Things (IoT) to cars or to dock software from other manufacturers on cars or other important and dangerous objects or services.

"I think it is quite dangerous if someone plays from afar music at full volume or can open doors, the windows/while on the highway on the way you are", Colombo writes on Twitter. "The constant blinking can also have a (dangerous) influence on other drivers." After all: steering or braking does not allow the security gap. Another Twitter user interjects, however, that the API does not allow the doors to be opened while driving. Another user points out: "If you can do all these things, think about what Tesla boss Elon Musk can control."

Tesla and third-party manufacturers have been informed about security vulnerabilities

According to Bloomberg, further screenshots show details of the vulnerability and the manufacturer of the software. However, the security researcher passed this on with the request not to publish it, as the vulnerability had not yet been resolved. The security researcher is therefore in contact with the Tesla security team and the manufacturer of the third-party software.

Colombo told the magazine that the problem lies in an insecure way in which the third-party software stores information in order to link the cars to the program. That sounds like an unprotected API key or access token. However, it should not be a security gap in Tesla's infrastructure.

"Just don't connect critical things to the Internet," said Colombo. "It's easy. And if you do have to, make sure it's set up securely."

Comments / 9

Published by

Member Of Freelancers Union (USA), Freelance Writer!, and Digital Creator. Ghani Mengal is an enthusiast Freelance blogger and digital marketer. His content has been published and featured on many popular blogs, websites, and publications. Including TeelFeed, LifeHack.org, Data-Driven Investor, TextSniper, Scientific Publication The Predict, The Startup, The Ascent, Heart Affairs, Illumination, And The List goes on.

New York, NY

More from Abdul Ghani

Comments / 0