Teen Hacker Explains How He Gained Remote Access to Teslas Around the World – Gizmodo

Image: SOPA Images (Getty Images)

The 19-year-old German security researcher who somehow managed to gain remote access to dozens of Teslas spread out around the world has spilled the beans on how he did it.

In a Medium post, David Colombo provided an in-depth accounting and timeline of his previous experiment where he claimed he could remotely run commands (like adjusting a vehicle’s stereo volume, manipulating doors and windows, and even engaging Tesla’s “Keyless Driving” tool), potentially without drivers ever knowing. Colombo revealed he was able to gain access to the vehicles through a security flaw in an open-source logging tool called TeslaMate. That tool lets Tesla owners monitor more granular data like their vehicle’s energy consumption and location history by utilizing Tesla’s API. However, Colombo said he was able to repurpose a handful of Tesla API keys—which he said were stored unencrypted by TeslaMate—to run his own commands.

“You could run commands that annoy the shit out of the Tesla owner,” Colombo wrote, “And you could even steal the Tesla.” The write-up was part of Colombo’s official responsible disclosure report submitted to Tesla’s security team.

Colombo says he “found 25+ Tesla’s [sic] from 13 countries within hours.” The countries where the Tesla vehicles were located include “Germany, Belgium, Finland, Denmark, the UK, the US, Canada, Italy, Ireland, France, Austria and Switzerland,” he wrote, adding: “There were about at least an additional 30+ from China, but I really did not want to mess with China’s cyber security laws so I left them completely untouched.”

Since Tesla later revoked “thousands of keys,” Colombo said, it’s possible the issue was far more widespread than his research uncovered.

Though Colombo was able to manipulate a shocking amount of the car’s features, he does not believe he would have been able to remotely move the car or manipulate steering or brakes. Colombo said he reached out to both Tesla and TeslaMate and that fixes have been issued.

In his timeline of events, the researcher said he first noticed the vulnerability in a single vehicle back in October 2021 before discovering it in 20 more early this month. Images on the blog post show detailed maps documenting the driving history of several of the affected vehicles with eerie precision. Colombo also included images of text message exchanges between himself and one of the affected Tesla owners. In that case, the owner gave Colombo permission to remotely trigger his car horn.

Colombo also provided some details on an additional flaw, this time in Tesla’s digital car key, that allowed him to obtain drivers’ email addresses. In an earnest effort to alert the previously affected drivers of the third-party flaw affecting their vehicles, Colombo said he stumbled upon a flaw that allowed him to query drivers’ email addresses. Though Colombo was searching specifically for the emails of owners of the affected vehicles, the software flaw could potentially be …….

Source: https://gizmodo.com/tesla-hacker-david-colombo-teslamate-tesla-api-keys-1848418767
