If you own a Tesla, please make sure you are running the latest version of all software because a genius teenager called David Colombo from Germany has figured out how to remotely hack your car to do many things, including but not limited to the following:
- Track exactly where the Tesla is.
- Unlocking the doors.
- Opening the windows.
- Starting Keyless Driving.
- Sharing videos to the Tesla.
- Changing heater/cooler settings.
- Honking the horn & flashing the lights.
Also, renowned cyber security researcher John Jackson pointed out that it might have been possible to utilize the “summon” feature to get the car moving and potentially even hit something or someone.
Thankfully, David is a white-hat hacker, and as soon as he made his discovery, he reported it to Tesla, who fixed the issue by rolling out a security update.
You can read David’s fascinating Medium article HERE, where he explains how he remotely broke into 25+ Tesla’s from 13 countries (inc. Germany, Belgium, Finland, Denmark, the UK, the US, Canada, Italy, Ireland, France, Austria, and Switzerland.) within hours.
Here is a snippet where he explains how he gained access to random Teslas all around the world:
- Run an internet-wide search for TeslaMate instances (search e.g., for the MQTT brokers).
- Make sure they run with the insecure default Docker configuration (this should be fixed by now, as user, please pull the latest version asap).
- Go to port 3000 to access the Grafana dashboard.
- Login using default credentials (of course, only do that with explicit authorization).
- Go to the Explorer tab.
- Use the Query Builder to extract the API and refresh tokens.
- Have fun playing around with a Tesla (of course only with vehicles you own).
Please make sure you are always running the latest version of all software provided to you by Tesla.
Thanks and have a great rest of your day.
All the best,
Incognito Privacy Care Team.