There are many perks to buying the fancy vehicles made by Tesla, but it seems that safety and security are still not one of them.
Tesla has become one of the most prestigious cars around with owners continuously bragging about its unique features compared to other car brands.
Starting from its impressive battery range compared to other electric vehicles, to the outstanding quality in terms of driving quality, its reputation as a zero-emissions car, and it is smooth and luxurious design, the Tesla has gained its name.
However, and despite the long-promoted "safety" promises by the cars' manufacturers, it seems that this component is yet to be proven.
In recent years, several incidents have compromised Tesla cars' reputation as safe ones, especially successful hacking attacks that have provided non-owners with full access and control over vehicles.
The most recent attack took place this month when a 19-year old German IT specialist and researcher exploited the advanced car system and gained access to at least 25 cars in 13 different countries around the world.
Since these important facts seem to drown between other comments, I‘ll add them here again 👇
— David Colombo (@david_colombo_) January 11, 2022
This is not a vulnerability in Tesla‘s infrastructure. It‘s the owners faults. That‘s why I would need to report this to the owners as stated above.
[1/X]
Through this remote breach, David Colombo was able to unlock doors, open and close windows, start keyless driving modes, disable Sentry mode, and have full control over the music systems.
Colombo also said that the security failure allowed him to locate the car precisely and to tell whether or not drivers were in the car or not at the time of the hack. David Colombo also stressed that "he could not have full control over the car", saying he could not for example "control steering or acceleration and braking."
Meanwhile, Colombo explained that his effort was meant to highlight potential problems in the Tesla system and provide recommendations for manufacturers and developers to make sure drivers enjoy cruising their Teslas without compromising lives.
That‘s why I would like to get this all fixed before I release any specific details regarding what exactly this all is about.
— David Colombo (@david_colombo_) January 11, 2022
Next steps:
- Waiting for MITRE‘s reply regarding a CVE
- Preparing my Writeup
- Coordinating disclosure to affected owners with Tesla
[5/5]
This might be the first hacking incident for Tesla systems in 2022, but it is certainly not the first one.
In 2017, a member of a Tesla owners group known to the company used his knowledge of the car and its parts to "whitehat hack" a Tesla to report a number of bugs to developers, helping minimize the number of vulnerabilities in its systems.
That same year, Elon Musk did in fact address his worry of what he then called a potential "fleet-wide hack", saying it is one of the main concerns for Tesla. But it is still unclear when the giant automaker will be able to announce the safest possible version of it is systems.
In November 2020, a research team from the Belgian KU Leuven University was able to detect several flaws in a Tesla Model X using a Bluetooth weakness and posted their demonstration on YouTube.
Several other attacks have come to the light in recent years, shedding light on the real danger of more less-ethical hacks that could actually lead to serious accidents and life loss across the world.
