The story of a German specialist who claims to have obtained the “full remote control“more than 25 Tesla, from different owners and in 10 different countries. The 19-year-old German cybersecurity entrepreneur took the opportunity to raise the issue, although he did not provide any evidence of his statements.
So, I now have full remote control of over 20 Teslas in 10 countries and there seems to be no way to find the owners and report it to them
David Colombo (@david_colombo_) January 10, 2022
According to what formally would therefore be a hacker, there would not be a flaw in the software of the car or in Tesla’s servers, but the data leak would rather be attributed to the owners of the cars. In fact, David Colombo, this is his name, in the following hours had to correct the shot, specifying that the control he was talking about was only that relating to the functions that can be controlled remotely, as with the normal Tesla app, and that in no way could he drive a car instead of the driver, or change its basic settings.
From the Tesla app you can in fact open or close the car, turn on the lights, act on the air conditioning, on the windows, on the recharge or even on the horn and on sentry mode, but in no case can the car be controlled as a sort of drone. . What then happened?
The distraction or naivety of the owners may have led them to post sensitive authentication data to your Tesla account online. Another case could concern the many apps developed by third parties, which still require access with the original credentials. Any developer might not have systems as secure as Tesla’s, and could be hacked, resulting in data leaks. Or in the worst cases it could be the developer himself who wants to collect the login data for criminal or fraudulent operations. Also in this case, as in many others, the vulnerability could be the man and not the machine.