IT-SECURITY Tesla-hack: 19-year-old remotely controls around 25 vehicles
From Nicole Kareta
"So, I now have full remote control of over 25 Tesla's in 13 countries and there seems to be no way to find the owners and report it to them..." reads a January 10, 2022 tweet from Tesla hacker David Colombo. To warn owners, the 19-year-old IT security expert turned to social media.
The security breach was caused by a third-party app that is actually primarily intended to allow vehicle owners to easily log and retrieve vehicle data.
19-year-old David Colombo from Dinkelsbühl, Germany, is currently making headlines after he announced via Twitter on January 10, 2022, that he had been able to hack at least 25 Tesla vehicles in 13 different countries and thus partially take them over. Specifically, this means he was able to play music at full volume and take control of windows and doors via remote control, among other things. In another comment on Twitter, the teenager points out how dangerous such a security breach could be - especially if the driver is currently on the highway.
Fortunately, Colombo is not a dangerous hacker - as the founder of an IT security company, the young entrepreneur has only good intentions - and tried to warn the potential victims of hacking attacks. Consequently, he did not want to give any more specific details about the security flaw at first, until it was fixed. Colombo makes only one thing clear in advance: The fact that hackers could have remote access to important functions of Tesla vehicles is not a fault of the renowned car manufacturer, but a security flaw of third-party software used in the vehicles. It has since been revealed that the source of the flaw was a third-party app, which is actually primarily intended to allow vehicle owners to easily log and retrieve vehicle data.
As vehicles are increasingly equipped with smart features and Internet-enabled devices, the issue of cybersecurity has long since become more relevant. We can only hope that the limits will continue to be tested only with well-meaning intentions in the future and that it will become increasingly difficult for malicious hackers to overcome them.
Follow us on LinkedIn
Have you enjoyed reading this article? Then follow us on LinkedIn and stay up-to-date with daily posts about the latest developments on the industry, products and applications, tools and software as well as research and development.
It goes without saying that we treat your personal data responsibly. Where we collect personal data from you, we process the data in compliance with the relevant data protection regulations. More detailed information is available in our privacy policy.
Consent to the use of data for advertising purposes
I consent to the use of my email address to send editorial newsletters by Mesago Messe Frankfurt GmbH, Rotebühlstr. 83-85, 70178 Stuttgart, Germany including all of its affiliates within the meaning of Section 15 et seq. AktG (‘Mesago’). I have viewed lists of each group of affiliates here for the Mesago. The content of the newsletter covers the products and services of all of the companies listed above including, for example, trade magazines and specialist books, events and exhibitions and event-related products and services, printed and digital media products and services such as additional (editorial) newsletters, competitions, lead campaigns, online and offline market research, technical web portals and e-learning courses. If my personal telephone number has also been collected, it may be used to send offers for the aforementioned products and services from the above companies, as well as for market research purposes. If I wish to access protected content online on portals of Mesago including its affiliates within the meaning of Section 15 et seq. AktG, I must register with additional data in order to access that content. In return for this free access to editorial content, my data may be used in line with this declaration of consent for the purposes described herein.
Right to withdraw consent
I am aware that I can withdraw this consent at any time with future effect. My withdrawal of consent does not affect the lawfulness of processing performed based on my consent before its withdrawal. If I wish to withdraw my consent, I can send an email to Mesago at privacy@mesago.com. If I no longer wish to receive individual newsletters to which I have subscribed, I can also click on the unsubscribe link at the bottom of a newsletter. I can find more information on my right to withdraw, how to exercise this right and the consequences of my withdrawal in the Privacy policyEditorial newsletters section.