Tesla Cars Hacked

10070957501?profile=RESIZE_400xA 19-year-old security researcher said he was able to hack into over 25 Teslas from around the world.  Recently the young hacker published a blog post explaining how he was able to remotely hack into the cars via security bugs in TeslaMate, a popular open source logging tool that tracks anything from the Tesla's energy consumption to location history.  The teenager hails from Dinkelsbühl, Germany and first revealed news of the vulnerability on Twitter earlier in January, but waited to fully detail the issue until the Tesla issues were fixed.

The researcher said the vulnerability allowed him to remotely access multiple Tesla features, including unlocking doors and windows, and starting keyless driving.  The teen also said he could turn on the stereo or honk the horn, as well as view the car's location and whether the driver was present.  However, he said he does not believe it would be possible to move the vehicle remotely.

"There should be no way at all that someone could literally walk up to some Teslas they do not own and take them for a drive," he said in his blog post on Medium.  "I also think it potentially could result in some dangerous situations on the road.  For example, if someone with remote access starts blasting music on max volume while the driver is on the highway, or randomly and uncontrollable remotely flashing the lights of the Teslas at night."

The security issue revolved around how TeslaMate stored sensitive information that is needed to link the program to the car.  The cybersecurity researcher explained that the information, including the car's API Key, could be repurposed to remotely send commands to the exposed Teslas and allow hackers to retain long-term access to the cars without the driver's knowledge.[1]

The German youth said he first became aware of the vulnerability in one Tesla in October and was able to contact the owner.  He found over 20 more vulnerable Teslas in January but faced difficulty contacting the owners.  In his efforts to alert Tesla owners to the issue, he also found a flaw in the carmaker's software for its digital car key that allowed him to learn a Tesla owner's email address.[2]

After privately reporting the issues to TeslaMate, as well as Tesla's security team, the third party tool pushed a software fix and Tesla's security team revoked all affected access tokens, as well as notified the owners.  TeslaMate told TechCrunch that the company pushed out the update within hours of receiving the warning. 

The German security researcher is not the first to hack a Tesla.  Last year, two researchers showed how a drone could launch an attack via WiFi and open a Tesla's doors.  In 2020, another researcher managed to hack into a Tesla's keyless entry system in 90 seconds by spoofing the signal.

With all great technological advances, there is always a negative side where hackers will exploit.  In this case, to the potential detriment of highway safety.  Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization who has long collected and analyzed cyber indicators.  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com    

Weekly Cyber Intelligence Briefings:

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/3702558539639477516

[1] https://arstechnica.com/cars/2022/01/teen-hacker-finds-bug-that-lets-him-control-25-teslas-remotely/

[2] https://www.pcmag.com/news/teenage-hacker-gains-remote-control-of-25-teslas-in-13-countries

E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!

Resources

 

CASE STUDIES