Following a massive recall due to hardware problems, Tesla was exposed to software bugs.
Recently, David Colombo, a 19-year-old hacker from Germany, posted on social media that he found a vulnerability in Tesla's third-party software and remotely invaded more than 25 Tesla vehicles in 13 countries through this vulnerability.
It is reported that after successfully invading the vehicle, David can remotely control the windows, doors, lights, music, etc., and even achieve "keyless driving", in addition, he can also query the specific location of these vehicles and whether the owner is near the vehicle.
That is, if the vehicle is controlled at high speeds, it will pose a huge risk of accident to the driver and other vehicles.
David did not disclose the specific details of Tesla's vulnerability on social media, but he said that he did not control the vehicle by hacking into Tesla's security system, but by the vulnerability of third-party software. So strictly speaking, this is the owner's fault, not Tesla's.
Tesla's security team is currently investigating the incident and will be in touch with David soon.
This isn't the first time Tesla has questioned security due to non-hardware issues.
For example, in April last year, a hacker extracted the shooting footage of the camera in the Tesla car and published it on the Internet, from which it can be seen that the camera clearly captured the faces and movements of the people in the car. At that time, Tesla explained that this was mainly to record the actions and behavior of FSD Beta owners during the test, and whether to maintain concentration, and did not use the function on a large scale, but it still caused a lot of controversy.
The continuous improvement of the degree of intelligence of cars also means that the requirements for the network, the cloud and the demand for driver privacy will be more and more, if there is a loophole, it will bring great harm to driving safety and car owners, as one of the main pioneers of automatic driving and intelligence, Tesla has naturally become a "hard-hit area".
As early as last January, 360 founder Zhou Hongyi said that the team found that Tesla cars shipped after 2017 had security vulnerabilities and could be controlled remotely, but when he told Musk about this, he annoyed the latter.
In fact, Musk is not unaware of the fragility and importance of security barriers.
Tesla launched a bug bounty program in 2014, in which cybersecurity researchers can report vulnerabilities in a product to the company and receive a certain amount of bounty if verified. In 2018, Tesla raised the maximum reward for each vulnerability to $15,000, and it is reported that hundreds of thousands of dollars in rewards have been issued.
For the vulnerabilities that have been detected, Tesla also deals with them very quickly. For example, in 2016, a hacker remotely hacked into the Tesla Model S through a WiFi hotspot, and Tesla upgraded and repaired it as soon as it received the report.
For example, from 2015 to 2016, BYD, BMW, Jeep and many other car companies have been invaded, and there have been relatively few intrusions in recent years, and new car-making forces such as Weilai and Xiaopeng have basically not experienced similar incidents controlled by hackers.
Previously, industry experts said in an interview with the media that the new forces of car manufacturing have relatively high safety awareness, the research and development supply chain chain is much shorter, and they have more vehicle codes, so they are relatively safe.
However, with the continuous improvement of the penetration and utilization rate of the Internet of Vehicles and intelligent driving, the challenges to technology, supply chain and third-party components are also greater, which requires car companies and suppliers to strengthen cooperation, and at the same time, car owners are also required to have a certain sense of safety and carefully choose to use third-party software.
Produced by ZAKER News
Text / Bao Xingwa
Editor / Zeng Xiantian