NDTV News

https://www.ndtv.com/

Teen Stumbled Onto Flaw Letting Him Hijack Teslas, Control Some Functions

David Colombo said he was able to contact three Tesla owners -- in Germany, the U.S. and Ireland

David Colombo, a 19-year-old cybersecurity researcher in Germany, came upon the biggest discovery of his young career by accident.

He was performing a security audit for a French company when he noticed something unusual: a software program on the company's network that exposed all the data about the chief technology officer's Tesla Inc. vehicle. The data included a full history of where the car had been driven and its precise location at that moment.

But that wasn't all. As Colombo dug deeper he realized that he could push commands to Tesla vehicles whose owners were using the program. That capability enabled him to hijack some functions on those cars, including opening and closing the doors, turning up the music and disabling security features. (He couldn't take over the cars' steering, braking or other operations, however.)

The discovery, which Colombo published on Twitter this week, triggered a vigorous discussion online as the latest example of hacking risks associated with the so-called Internet of Things, where seemingly every product -- from refrigerators to doorbells -- now has an internet connection.

"I'm not sure I would send that tweet again," said Colombo, who began programming when he was 10. "The response was crazy. Somewhere in the comments I have pro- and anti-Tesla arguing very heatedly. It just got blown up so much."

Colombo said he found more than 25 Teslas in 13 countries throughout Europe and North America that were vulnerable to attack, and that subsequent analysis indicated there could have been hundreds more. The flaws aren't in Tesla's vehicles or the company's network but rather in a piece of open-source software that allows owners to collect and analyze data about their own vehicles.

Tesla didn't respond to requests for comment. Colombo said a member of the company's security team contacted him and that he shared his findings. A spokesperson for the U.S. National Highway Traffic Safety Administration said it has been in contact with Tesla about the matter and that the agency's cybersecurity technical team would assist with the evaluation and review of the information.

Colombo provided screenshots and other documents detailing his findings and identifying the maker of the affected third-party software, but he asked that Bloomberg not publish specifics because the flaws hadn't yet been fixed.

A self-described Tesla fan from Dinkelsbühl -- which he described as having "one of the most beautiful old towns in all of Germany" -- Colombo said his mother developed breast cancer when he was 13, and he immersed himself further in coding to help distract himself. (She died the following year, he said.)

Bored by school, he said he and his father successfully petitioned the government when he was 15 to allow him to go just two days per week and spend the rest of his time expanding his cybersecurity skills and building a consulting firm, which he named Colombo Technology.

"I was having to learn Latin and literary analysis, and I was like, 'Why? I could be protecting companies, building secure stuff,' " he said, adding that he concluded that school "was a waste of time."

Colombo said he has participated in several "bug bounties" -- programs where companies pay independent security researchers for weaknesses found in their products -- and consulted for companies helping them assess their security.

This isn't the first time that potentially serious security vulnerabilities involving internet-connected automobiles have been disclosed. In 2015, a pair of security researchers revealed an attack where they remotely took control of a Jeep Cherokee and killed the engine as a journalist for Wired drove the vehicle at 70 miles per hour down a highway in the U.S. The shocking demonstration, which was possible because of flaws in the internet-connected infotainment systems, led to the automaker recalling 1.4 million cars and trucks -- the first auto recall prompted by cybersecurity concerns.

Since then, researchers have disclosed numerous other hacking risks they've discovered with the sophisticated electronics that are increasingly being added to automobiles.

Shortly after the Jeep hack was made public, a different pair of researchers disclosed software flaws in Tesla's Model S that could have allowed hackers to shut down a moving car's engine. The researchers coordinated with Tesla, which issued a software fix at the same time.

Colombo said he was able to contact three Tesla owners -- in Germany, the U.S. and Ireland -- before disclosing what he had discovered. He showed Bloomberg screenshots of a private conversation on Twitter where one affected owner allowed him to remotely honk the car's horn to confirm the vulnerability.

He said he decided to publish his findings after failing to find contact information for most of the other Tesla owners whose data was exposed.

"I wanted to report it to the owners -- that's the whole story," he said. "Because if I don't do it, maybe someone with malicious intent will find those system vulnerabilities and do malicious stuff. Imagine there's someone who can go up to the Tesla, unlock the doors and take it for a drive."

(Except for the headline, this story has not been edited by NDTV staff and is published from a syndicated feed.)
