Image : SOPA Images (Getty Images)

The 19-year-old German security researcher who somehow managed to gain access to several dozen teslas scattered around the world has finally revealed as it did.

In a post from Medium, David Colombo provided a detailed description of his experiment, stating that could remotely execute commands (such as adjusting the volume of the car’s music system) vehicle, manipulate its doors and windows and even activate Tesla’s “Keyless Driving” tool). And all this without them drivers knew . Colombo revealed that he was able to access the vehicles through a bug security in an open source logging tool called TeslaMate. That tool allows Tesla owners to monitor more specific data , such as the energy consumption of your vehicle or the history of your locations, through the Tesla API. However, Colombo said he was able to take advantage a handful of Tesla API keys that TeslaMate had left without code to run your own commands.

“I could you could execute commands that annoyed to the owner of Tesla,” Colombo wrote, “and you might even steal the Tesla.” The article was part of the official report that Colombo introduced to the Tesla security team.

Colombo assures who “found more than 25 Tesla from 13 different countries within hours”.

Since Tesla overrode later “thousands of keys,” Colombo said, it is possible that the problem was much more widespread than he had discovered in your investigation.

Although Colombo was able to manipulate a lot of things in the car He doesn’t think he could have moved it. remotely or manipulate the steering or brakes. Colombo said he contacted both Tesla as with TeslaMate and that those aspects have been resolved .

AND The researcher indicated that he had noticed for the first time in this to vulnerability in a single vehicle in October 2021 before discovering it in 20 plus earlier this month. Between the images that can be seen on your post there are detailed maps documenting the driving history of several of the affected vehicles with a disturbing precision . Colombo also included images of the text messages that he had exchanged with one of the owners of the teslas affected. in this In this case, the owner gave Colombo permission to activate the horn of your car.

Colombo also provided some details about a vulnerability more than was on the digital key Tesla and that allowed him get the email addresses of the drivers. In a serious effort to alert drivers affected , Colombo said he ran into this bug that allowed him to check email addresses .

Colombo then explained his findings in a interview with Bloomberg, where he also assured that had immediately notified Tesla’s security team about the vulnerability and that they confirmed They had quickly implemented a patch to fix the problem.