One windy afternoon, you drive a brand new Tesla on the highway.
The driver assistance perfectly maintains the speed of the car, and you are enjoying this wonderful driving experience with your whole body relaxed.
Suddenly, the car's stereos began to frantically output Rick Astley's "Never Gonna Give You Up" at an explosive volume.
You're startled and panicked and want to pull over.
At this time, the window of the car suddenly lowered, the door of the car also popped open on its own, and the headlights flashed like a demon.
If it's not a nightmare, then the culprit may be a 19-year-old boy.
Like you, there may be more than 20 in the world, and they all drive Teslas.
I can now remotely control more than 25 Teslas in 13 countries without the owner's knowledge. This includes disabling sentry mode, opening doors/windows, and even starting keyless driving.
Your Tesla has been "controlled" by me
Two days ago, a 19-year-old young hacker from Germany suddenly tweeted that he had achieved remote control of more than 20 Teslas in 10 countries.
Subsequently, that number quickly increased to 13 countries and more than 25 Teslas.
David Colombo, a self-described information technology security expert, said he found flaws in a third-party piece of software that could allow hackers to remotely control some of the vehicle's features, such as unlocking doors, controlling windows, or starting the car without a key and shutting down Tesla's security system.
However, there are not many Tesla owners using this software.
(Graphics and text are irrelevant)
In an interview with Bloomberg, Colombo provided screenshots of his research and other documents that identified the software's manufacturer and provided details of the vulnerability.
Colombo said the issue involves software storing sensitive information in an unsafe way that can connect cars to programs.
When a hacker steals it, it can send various instructions to the car, which is very dangerous.
In addition, he showed Bloomberg a screenshot of a private conversation via Twitter, in which one of the owners allowed him to remotely press his car's horn.
However, Colombo declined to release specific details because the affected organizations did not yet have a corresponding repair plan.
Colombo claims to be a Tesla fan and says he started writing code when he was 10 years old.
Disillusioned with his high school curriculum, his father applied to German authorities to let him attend school two days a week, with the rest of his time expanding his cybersecurity skills.
In addition, he opened his own company called Colombo Technology.
For now, Colombo said tesla's security team members have been in contact with it and will begin an investigation.
To be clear, Colombo doesn't achieve true "remote control," which is to drive these Teslas remotely.
However, he can still suddenly turn the volume up while the owner is driving to scare them to death.
Although you can't drive remotely, you can find one of the Teslas in reality according to the positioning, and then directly pull open the door to drive the car away.
In this way, all cars, refrigerators, or sweeping robots that are connected to the network will most likely face the risk of being "hacked".
From time to time, Tesla will be "black"
In fact, even if you don't count Colombo, this is not the first time hackers have achieved remote access to Tesla cars.
In November 2020, a British security researcher named Lennert Wouters said that by connecting a computer with a Bluetooth signal to the remote control key of the Tesla Model X, it is possible to rewrite the security firmware, query the security chip of the key fob, and generate an unlock code.
The reason lies in an OTA firmware upgrade vulnerability in Tesla's software system.
These key focs do not have a "code signature" for firmware updates, and if the owner obtains a wireless update via Bluetooth, the system cannot confirm that the firmware code is an "unforgeable cryptographic signature from Tesla", resulting in the firmware being incorrectly rewritten.
Wouters says that if all goes well, it can steal a Model X without a key in less than 90 seconds.
In fact, Wouters previously reported the bug to Tesla, who released a patch in the system update to fix the vulnerability.
Coincidentally. Last year, two more security researchers said they could use drones to remotely hack into Tesla's infotainment system. After the invasion is successful, you can remotely unlock the doors, change the seat position, play music, etc.
Moreover, in order to prove that it is not bragging, the two also made a video and showed it at the Cansecwest hacking conference.
In the video demonstration, the drone hovered on the roof for only a few seconds before Tesla's two doors obediently opened.
In response to security breaches, Tesla has launched a "bounty program" to report bugs in addition to releasing program patches, where pre-approved security personnel can register vehicles for security testing.
If an eligible vulnerability is found in a test and reported in a timely manner, you can be paid up to $15,000.
Still, it's unclear whether Colombo's tweeted message complies with Tesla's rewards rules.
More than 400,000 vehicles have just been recalled and investigated by the vehicle management department
In recent times, Tesla has had frequent incidents in driving safety and has had to deal with large-scale recalls and investigations by the California Vehicle Management Department.
The most recent large-scale recall involved 356309 Model 3 and 119009 Model S due to the potential risk of failure in the vehicle's rearview camera and front hood.
A total of 475318 affected vehicles were reportedly recalled, roughly equivalent to the total number of vehicles Tesla delivered to customers last year.
The National Highway Traffic Safety Administration (NHTSA) described specific problems with both vehicles in two recall warnings.
When the user switches the trunk on and off, the rearview camera on the Model 3 vehicle may be damaged, causing the display to not be displayed, increasing the risk of collision.
The problem with the Model S is that the lock of the front hood is misaligned, which may cause the hood to lock properly, and will suddenly open to block the driver's line of sight, increasing the risk of crash.
The rearview camera issue involves the Model 3 produced in 2017-2020, while the problem with the front hood lock involves the Model S produced in 2014-2021.
Moreover, unlike previous vehicles that can be repaired only by wireless updates, some of the vehicles recalled this time must be physically repaired at the depot.
A few days ago, Tesla's "full autopilot" (FSD) beta version was also re-examined by the vehicle management department in California.
The California Department of Motor Vehicles (DMV) is reportedly reviewing the feature to determine whether the claim meets the legal definition of "autonomous driving."
For Tesla, this matter may have a lot of impact. This will determine whether Tesla's cars are subject to California's laws on self-driving cars.
A DMV spokesperson said, "We have notified Tesla that we will initiate further review of its vehicle technology and that if these technologies and features meet the definition of self-driving cars under California law, dmv will take steps to ensure that Tesla operates under appropriate self-driving vehicle licenses."
Currently, the California DMV oversees the nation's largest self-driving car test program, with more than 60 companies currently licensed to operate test vehicles on public roads. Only a few are allowed to operate fully autonomous vehicles without a safe driver, while even fewer are allowed to use vehicles for commercial purposes.
Source: Xinzhiyuan