David Colombo has only 19 yearsbut at his young age he already managed to hack remotely 25 Tesla cars in more than 10 different countries via security bugs in TeslaMate, an open source logging tool that tracks everything from Tesla’s energy usage to location history.

Furthermore, the young man, who is icyber security investigatorwas able to access the email addresses of the owners of the Teslas, thereby notifying them that they were at risk.

It all started in early January, when Colombo discovered the flaw in the open source software with which he was able to remotely hijack some functions in Tesla cars like open and close the doorSW play the Claxon.

The countries Where the affected Tesla vehicles were located include Germany, Belgium, Finland, Denmark, the United Kingdom, the United States, Canada, Italy, Ireland, France, Austria, and Switzerland.

Then, in trying to notify the owners of the affected electrics, found a bug for the digital key of the car that allowed him to know his addresses of email.





The whole security issue had to do with how TeslaMateas the platform stored the confidential information that was needed to link the program to the car.

The teenager from Dinkelsbuhl, Germany reported the bug earlier this month on Twitter, but waited until it was fixed to detail more about it. how did you gain access to all that.

So, I now have full remote control of over 20 Tesla’s in 10 countries and there seems to be no way to find the owners and report it to them… — David Colombo (@david_colombo_) January 10, 2022

In his Medium, Colombo detailed chronologically the whole process and said that this type of failure could be dangerous if the car is moving on the road:

“For example, if someone with remote access starts playing loud music while the driver is on the road, or remotely and uncontrollably flashes the headlights of Teslas at night.”



Colombo posted screenshots of open source flaws

However, he did not find that the hack could be carried out directly on the car, that is, on the address, brakes what do I know could move the vehicle remote form.

according to the boy, this one not a vulnerability in the infrastructure straight from tesla. Furthermore, in an interview with BloombergColombo said he immediately notified Tesla’s security team of the email flaw and confirmed they quickly rolled out a patch to fix the problem.