The teenager says he remotely introduced more than 25 Tesla Automotive News

The 19-year-old security researcher said he exploited the software bug that was not within Tesla’s software or infrastructure.

A 19-year-old security investigator says he has hacked more than 25 Tesla Inc. cars in 13 countries remotely, and said in several tweets that a software error has allowed him to gain access to the pioneering EV systems.

David Colombo, who describes himself as an information technology specialist, tweeted on Tuesday that software bugs allow doors and windows to be unlocked, cars to be unlocked and their security systems to be disabled.

Colombo also said he could see if there was a driver in the car, he could turn on the stereo sound system of the vehicles and turn on the lights.

I think it’s pretty dangerous if someone is able to turn off the music at full volume remotely or open windows / doors while you’re on the highway.

Continuous removal of lights can have a (dangerous) effect on other drivers.

[4/X]

– David Colombo (@david_colombo_) January 11, 2022

The teen did not disclose specific details of the software’s vulnerability, but said it was not within Tesla’s software or infrastructure, adding that only a small number of Tesla owners were affected worldwide. His Twitter thread got a strong response, with over 800 retweets and over 6,000 likes.

“It’s primarily the fault of the owners (and third parties),” Colombo said in response to questions from Bloomberg News. “This will be described in more detail in my writing. But I’m glad to see Tesla taking action.”

A representative of Tesla in China declined to comment, and the automaker’s global press team did not respond to an email requesting comments outside of West Coast opening hours.

Yes, it is possible to unlock the doors and start driving the damaged Tesla.

No, I can’t interfere with anyone driving (starting with music at maximum volume or flashing lights) and I can’t drive these Tesla remotely.

[7/7]

– David Colombo (@david_colombo_) January 11, 2022

According to an online report, the US-based Tesla has a vulnerability reporting platform where security investigators can register their vehicles for testing, which Tesla can pre-approve. The company pays a maximum of $ 15,000 for a vulnerability rating.

Colombo later tweeted that he had contacted Tesla’s security team and said they were investigating the issue. The team said they will get back to him with any updates, he said.

(Updates with Colombo’s response in the fifth paragraph).