The kid who remotely hacked a bunch of Teslas hacked his way to owners’ contact info
Tesla should hire this guy.
Remember that story we published last week about the 19-year-old who was able to remotely hack into dozens of Tesla vehicles around the world? Well, he’s gone one step further by emailing the owners, notifying them that they’re at risk.
David Colombo, a self-described “IT Security Specialist & Hacker,” said he remotely accessed over 25 Teslas and was able to hijack controls like honking the horn, playing music at full volume, and other things like opening windows or closing doors. And in an attempt to notify the owners of this potential security risk, he discovered another flaw.
Being the nice guy he is, he posted his findings to Twitter. A Twitter user immediately suggested he could track down contact details for the affected owners via an API endpoint. This is technical jargon for code that allows two pieces of software to communicate with each other.
“Once I was able to figure out the endpoint, I was indeed able to carry the email address associated with the Tesla API key, the digital car key,” Colombo said in an interview Monday with Bloomberg Television. “You shouldn’t be able to carry sensitive information like an email address using an access that is already expired or revoked.”
After notifying Tesla of this vulnerability, the company quickly sent out a patch, which seems to have resolved the issue.
Nevertheless, Colombo isn’t letting Tesla off easily and says he expects some sort of compensation via the company’s “bug bounty program.” However, it’s unclear if the company has any plans to throw him a bone.
If you were to ask me, Tesla should just hire this guy. Screw the bounty program – give him a salary and see what other vulnerabilities he can fish out. It certainly wouldn’t be the worst of ideas, and it could potentially save the company from any further embarrassment.
- Tesla’s next-gen batteries could increase range by an impressive 20%
- Why did Tesla slap these truly terrible side mirrors on the Cybertruck?
- Tesla Full Self-Driving now costs $12,000 – unless you pay monthly
- Tesla driver in California first to be charged with manslaughter over fatal Autopilot crash