The kid who remotely hacked a bunch of Teslas hacked his way to owners’ contact info

Tesla should hire this guy.

Remember that story we published last week about the 19-year-old who was able to remotely hack into dozens of Tesla vehicles around the world? Well, he’s gone one step further by emailing the owners, notifying them that they’re at risk.

David Colombo, a self-described “IT Security Specialist & Hacker,” said he remotely accessed over 25 Teslas and was able to hijack controls such as honking the horn, playing music at full volume, opening windows, and closing doors. And in an attempt to notify the owners of this potential security risk, he discovered another flaw.

Being the nice guy he is, he posted his findings to Twitter. A Twitter user immediately suggested he could track down contact details for the affected owners via an API endpoint. In plain terms, an API endpoint is an interface that lets two pieces of software communicate with each other.

“Once I was able to figure out the endpoint, I was indeed able to carry the email address associated with the Tesla API key, the digital car key,” Colombo said in an interview Monday with Bloomberg Television. “You shouldn’t be able to carry sensitive information like an email address using an access that is already expired or revoked.”

After notifying Tesla of this vulnerability, the company quickly sent out a patch, which seems to have resolved the issue.

Nevertheless, Colombo isn’t letting Tesla off easily and says he expects some sort of compensation via the company’s “bug bounty program.” However, it’s unclear if the company has any plans to throw him a bone.

If you were to ask me, Tesla should just hire this guy. Screw the bounty program – give him a salary and see what other vulnerabilities he can fish out. It certainly wouldn’t be the worst of ideas, and it could potentially save the company from any further embarrassment.
