Teen hacker finds bug that lets him control 25+ Teslas remotely:
A young hacker and IT security researcher found a way to remotely interact with more than 25 Tesla electric vehicles in 13 countries, according to a Twitter thread he posted yesterday.
David Colombo explained in the thread that the flaw was "not a vulnerability in Tesla's infrastructure. It's the owner's faults." He claimed to be able to disable a car's remote camera system, unlock doors and open windows, and even begin keyless driving. He could also determine the car's exact location.
However, Colombo clarified that he could not actually interact with any of the Teslas' steering, throttle, or brakes, so at least we don't have to worry about an army of remote-controlled EVs doing a Fate of the Furious reenactment.
(Score: 2) by Snotnose on Sunday January 16, @01:18AM
Is a script kiddie an IT researcher? What if s/he tweaks a line or three of a script, does that make them an IT researcher?
I have trouble believing a teenager, especially an American teen, can qualify as an IT researcher. Don't get me wrong, s/he could be the second coming of Elon Musk. But I doubt it.
For some background, back in the (300 baud) day I used to disassemble code on my TRS-80, and hang out on BBS systems. One day I got a message to call a certain phone number. I did. I was in the Montgomery Ward ordering system. No login, no password, if you knew that number you were in. I ordered myself a top of the line refrigerator, then cancelled it when they wanted a delivery address. I hung up then because A) I couldn't believe they were that naive; and B) I was renting an apartment and had nowhere to put a top of the line fridge.
Did that make me an IT researcher? Aww hell no. The IT researcher in me was spending 8 hours disassembling game code to save me 1 hour of actually playing the damned game. That taught me more z-80 assembly than any number of books would have.
Could I have ordered a complete living room and bedroom set of furniture, along with a TV, and gotten away with it? 90% sure now that I look back on it, but even 10% chance of no would have noped me right out. Which it did.
I really suck at smalltalk. I just asked the woman cutting my hair what she did for a living.
(Score: 0) by Anonymous Coward on Sunday January 16, @01:29AM
In-vehicle networks are almost completely insecure, because they all use the CAN bus, which has no security whatsoever. Even if the safety critical stuff isn't connected directly to it, it's always connected to something that is.
And if you can unlock the doors and start the engine - well not literally the engine, in a Tesla - you can steal the car while looking completely innocent.