SoylentNews is people

posted by janrinok on Sunday January 16 2022, @12:59AM
from the going-soon-from-outside-a-house-near-you dept.

Teen hacker finds bug that lets him control 25+ Teslas remotely:

A young hacker and IT security researcher found a way to remotely interact with more than 25 Tesla electric vehicles in 13 countries, according to a Twitter thread he posted yesterday.

David Colombo explained in the thread that the flaw was "not a vulnerability in Tesla's infrastructure. It's the owner's faults." He claimed to be able to disable a car's remote camera system, unlock doors and open windows, and even begin keyless driving. He could also determine the car's exact location.

However, Colombo clarified that he could not actually interact with any of the Teslas' steering, throttle, or brakes, so at least we don't have to worry about an army of remote-controlled EVs doing a Fate of the Furious reenactment.


  • (Score: 0) by Anonymous Coward on Sunday January 16 2022, @01:29AM (#1213048)

    In-vehicle networks are almost completely insecure, because they all use the CAN bus, which has no security whatsoever. Even if the safety critical stuff isn't connected directly to it, it's always connected to something that is.

    And if you can unlock the doors and start the engine - well not literally the engine, in a Tesla - you can steal the car while looking completely innocent.

  • (Score: 3, Informative) by Snotnose (1623) on Sunday January 16 2022, @02:18AM (#1213058)

    The CAN bus is a modified I2C bus, which is much too slow to deal with wireless connectivity.

    The conclusion being some upper layer that was responsible for 802.11x to CAN is responsible for security. And it dropped its pants, not the CAN bus itself.

    To put it another way, if your "smart tv" is hacked, can you blame the remote?

    --
    When the dust settled America realized it was saved by a porn star.
    • (Score: 4, Informative) by Anonymous Coward on Sunday January 16 2022, @03:41AM (#1213070)

      Note that the summary says "in 13 countries". Teslas have an app that lets you control some features from your cellphone over the internet. It's a horrible idea, but everything is going that way these days, and luxury cars are no exception. As for this incident, it isn't even the car getting hacked but the control website. As per the Ars article, Tesla's fix was to revoke thousands of authentication tokens, no doubt either due to weak passwords or people posting their access tokens to the net. Yes, people do that. Yes, it's just as stupid as it sounds.

  • (Score: 4, Funny) by maxwell demon (1608) on Sunday January 16 2022, @07:08PM (#1213203)

    Just wait until the cars are fully self-driving. Then the hacker can just order your car to come to him.

    --
    The Tao of math: The numbers you can count are not the real numbers.