Source: International Finance News
On January 13, according to media reports, a 19-year-old German hacker, David Colombo, tweeted on social platforms that he had discovered a vulnerability in Slat's third-party software that could allow it to remotely hack into 25 Tesla electric cars in 13 countries.
According to the tweet, the vulnerability could allow it to remotely execute commands against Tesla on third-party software without the owner knowing. At present, its instructions that can be executed by exploiting loopholes include opening doors or windows, disabling safety mode, flashing headlights to interfere with driver driving, and so on. More seriously, the vulnerability also led him to start the vehicle even without a key.
This means that if the vulnerability is mastered and maliciously used by criminals, the safety of the owner and the vehicle cannot be guaranteed.
Perhaps for this security reason, Colombo did not disclose the specific details of Tesla's software vulnerability, but said in an interview with the media, "This is not a vulnerability in Tesla Motors, but caused by Tesla owners and third-party software, and insecure third-party software allowed me to exploit this vulnerability." At the same time, it added that only a few Tesla vehicles in the world have been affected.
It is reported that before, Tesla has also had a "hot search" because of software issues. According to media reports on December 23, 2021, NHTSA launched a formal safety investigation into cars sold by Tesla since 2017 because Tesla allows drivers to play games on the front central touchscreen while driving the vehicle.
NHTSA said the feature, dubbed "Passenger Play," "could distract drivers and increase the risk of a crash." Previously, the game feature was "only enabled when the vehicle is parked".
According to the report, NHTSA's preliminary assessment covers tesla model 3, S, X and Y vehicles of various models from 2017 to 2022, involving up to 580,000 vehicles. At present, it has been "confirmed that Tesla motors equipped with 'passenger games' have this function since December 2020."
Subsequently, Tesla responded that the software update would block Passport Play, making the car unusable while driving.
In response to the problem of the third-party software vulnerability, Tesla has not replied to it for the time being, but has taken measures. According to Colombo, "I am in contact with Tesla's product security team as well as third-party maintenance personnel to notify affected owners and roll out security patches for the vulnerability." ”
![Xiaopeng Motors was fined in response to "collecting faces": the data was deleted and not leaked[fig]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)