Teen says he hacked more than 25 Tesla cars remotely Industry News

The 19-year-old security researcher said the software flaw he exploited was not in Tesla’s software or infrastructure.

go through Bloomberg

A 19-year-old security researcher claims to have remotely hacked more than 25 Tesla vehicles in 13 countries, saying in a series of tweets that a software flaw gave him access to the electric vehicle pioneer’s systems.

David Colombo, a self-described information technology expert, tweeted Tuesday that the software flaw allowed him to unlock doors and windows, start the car keyless and disable its security system.

Colombo also claimed he could see if there was a driver in the car, turn on the car’s stereo and flash the headlights.

The teenager did not disclose the exact details of the software bug, but said it was not within Tesla’s software or infrastructure, adding that only a handful of Tesla owners worldwide were affected. His Twitter post was a huge hit, with over 800 retweets and over 6,000 likes.

“This is mainly the fault of the owners (and third parties),” Colombo said in response to questions from Bloomberg News. “This will be described in more detail in my article. But it’s great to see Tesla taking action now.”

Representatives for Tesla in China declined to comment, while the automaker’s global news team did not respond to emails seeking comment outside West Coast business hours.

According to an online report, U.S.-based Tesla has a vulnerability disclosure platform where security researchers can register their vehicles for testing and Tesla can pre-approve. The company paid up to $15,000 for eligible vulnerabilities.

Colombo later tweeted that he had been in contact with Tesla’s security team and said they were looking into the issue. The team said they would provide him with any updates, he said.

(Updated Colombo’s response in fifth paragraph.)