He only recently got his driver’s license, but already has hundreds of cars at his disposal: from Bavaria, David Colombo opened Teslas all over the world and made them honk and flash their lights. He tells stern how he outwitted the vehicles.
“Try honking if you want.” It honks. “Can you confirm that this worked?” The amazed Irishman confirms. David Colombo from Dinkelsbühl in Franconia has just startled a neighborhood somewhere in Ireland. And he did so without knowing the Tesla owner personally or ever having seen his Tesla Model X.
What happened? “It was an accidental discovery when I was looking for vulnerabilities on a customer’s system,” explains Colombo, an IT expert with , in an interview with stern. “There I found an instance of Tesla software that initially only told me the location of a vehicle, which was unusual. From then on I wanted to know more and suddenly had numerous vehicles under my control.”
Through a weakness in third-party Tesla software, he managed to gain access to over 25 Teslas in 13 different countries. The 19-year-old had access to the vehicles’ camera system, door locks, windows, horn and other key functions. Even location and movement data was available to him. “Theoretically, I would have reached 30 vehicles in China as well, but I really had no interest in messing with China’s strict cybersecurity law, so I ignored those vehicles,” explains Colombo.
Startled by the news, numerous Tesla drivers went looking for the problem themselves, because Colombo had promised the developer of the affected software not to leave him exposed. Only once the problem was resolved did the cause become public: a since-updated version of “TeslaMate” whose users had not adequately protected access to it.
“TeslaMate” is a freely available data logger that collects vehicle information and presents it graphically. Users install it on a server of their own and then link their vehicle to it. Once set up, they get access to trips and charging reports, consumption figures, various statistics, addresses visited and a logbook. Access by uninvited guests is of course not part of the plan, and the tool is not meant to be exposed on servers that are freely reachable from the Internet.
Driving the cars was not possible, though
After Colombo had read the source code of “TeslaMate” and understood that the software stored the access credentials for the respective vehicle neither separately nor in encrypted form, he was able to take over the Teslas simply by entering the default credentials of the graphical interface (“Grafana”). The login credentials, he adds, would not have been an obstacle anyway.
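The two weak points the article names are an instance that is reachable from the Internet at all and a Grafana front end still accepting its factory-default admin/admin login. The following check is an added example written for this page; it is not code from stern, from TeslaMate or from Grafana. It sends the same JSON POST to `/login` that Grafana’s own web UI sends (assumption: Grafana answers 200 with `{"message": "Logged in"}` on success and 401 otherwise) and classifies the result as accepted, rejected or unreachable. The `_FakeGrafana` server is a constructed stand-in so the demo runs offline; point the probe only at an instance you operate yourself.

```python
"""Check whether a Grafana login endpoint still accepts the factory-default
admin/admin credentials. Added example; not code from stern, TeslaMate or Grafana.
Point it only at an instance you operate yourself."""
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Grafana's documented factory default (assumption: left unchanged by the operator).
DEFAULT_USER, DEFAULT_PASSWORD = "admin", "admin"


def probe_default_login(base_url, user=DEFAULT_USER, password=DEFAULT_PASSWORD, timeout=5):
    """POST /login the way Grafana's web UI does and classify the outcome.

    Returns "accepted" (HTTP 200: the defaults work), "rejected" (4xx: the
    password was changed) or "unreachable" (nothing listening: the instance is
    not exposed on that address at all).
    """
    body = json.dumps({"user": user, "password": password}).encode()
    req = urllib.request.Request(
        base_url.rstrip("/") + "/login",
        data=body,
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return "accepted" if resp.status == 200 else "rejected"
    except urllib.error.HTTPError:
        return "rejected"          # 401/403: login refused
    except (urllib.error.URLError, OSError):
        return "unreachable"       # connection refused / timeout: port not exposed


class _FakeGrafana(BaseHTTPRequestHandler):
    """Constructed stand-in for Grafana's /login endpoint so the demo runs offline.
    Mirrors the assumed real behaviour: 200 + {"message": "Logged in"} on success,
    401 otherwise."""
    password = DEFAULT_PASSWORD  # overridden per instance in start_fake_grafana()

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        creds = json.loads(self.rfile.read(length) or b"{}")
        ok = creds.get("user") == DEFAULT_USER and creds.get("password") == self.password
        payload = {"message": "Logged in" if ok else "invalid username or password"}
        self.send_response(200 if ok else 401)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(json.dumps(payload).encode())

    def log_message(self, *_):  # silence per-request logging
        pass


def start_fake_grafana(password):
    """Start a fake Grafana on a random loopback port; returns (server, base_url)."""
    handler = type("FakeGrafana", (_FakeGrafana,), {"password": password})
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_port}"


def demo():
    """Probe one fake instance left at the defaults and one with a changed password."""
    results = {}
    for label, password in (("left-at-default", "admin"), ("password-changed", "correct horse")):
        srv, url = start_fake_grafana(password)
        try:
            results[label] = probe_default_login(url)
        finally:
            srv.shutdown()
            srv.server_close()
    return results


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label}: {verdict}")
```

An "unreachable" verdict from outside your own network is the result you want: TeslaMate and its Grafana should sit behind a VPN or reverse-proxy login, not on a public port. If the probe returns "accepted", change the Grafana admin password before anything else.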
What Colombo could not do was drive the cars. But for vehicles with the so-called “Summon” feature enabled, he does not rule out that he could have moved them. With “Summon,” Tesla owners in the US can have their car drive itself across a parking lot to them without anyone behind the wheel, so they do not have to walk all the way to it. Significantly stricter limits apply to German drivers.
Teslas were publicly reachable over the internet
A Tesla is a highly digitized vehicle. As long as the cars have reception, they can always be reached over the network and send data. The same applies to connected tools such as “TeslaMate”, which depend on the data streams from the vehicles. For Colombo, this meant that the inadequately protected vehicles were practically at his feet. Colombo shared fairly detailed instructions with stern on how the vehicles could be reached. However, he only wants to publish the full details once all potential targets of such an attack have been secured.
Much more interesting than the exact procedure, which can no longer be carried out anyway thanks to the quick reaction of the developers concerned, are the possibilities that opened up for Colombo. Had he acted in bad faith, it would have taken only a few clicks and inputs to make a Tesla flash its lights and honk while being driven. On the freeway that is irritating for occupants and other road users alike, and therefore potentially dangerous.
Tesla was informed and acted
The discovery haunted Colombo: “It was frustrating. I had access to strangers’ cars, but no way of contacting them. Through intensive searching, I was able to identify a handful of affected Tesla drivers and help them fix the error, but ultimately I needed the manufacturer’s security team to get through to everyone. All affected owners should have received a message by now.”
Eventually, he explains, he even had access to several hundred cars, but at Tesla’s request did not test his access any further. In the meantime, the car manufacturer, with whom Colombo had worked closely from the very beginning, has acknowledged the problem, taken initial measures and blocked the access. The developer of “TeslaMate” also revised the software and closed the hole long before the reports were published.
“I don’t blame anyone for this incident, neither Tesla nor the really dedicated developer of the tool,” adds Colombo, “but I strongly advise against posting important things openly on the web and urge every Tesla driver to be careful with their logins. I discussed the change requests for the tool with the developers and most of them have already been implemented. I also made a few wishes for Tesla, but in general I think their security system is solid.”
stern also contacted Tesla about this story. At the time of publication, however, it was not clear how the US automaker views, handles and resolves the case, as no response had been received.
Source: Stern