The downside with offering APIs to interact with a car is that someone else’s security problem might become your own.
A young hacker and computer security researcher has found a way to remotely interact with more than 25 Tesla electric vehicles in 13 countries, according to a Twitter thread he posted yesterday.
David Colombo explained in the thread that the flaw “wasn’t a vulnerability in Tesla’s infrastructure. It is the fault of the owner.” He claimed to have the ability to remotely disable a car’s camera system, unlock doors, open windows, and even drive without a key. He can also pinpoint the exact location of the car.
However, Colombo has made it clear that he can’t actually interact with Tesla’s steering, throttle, or brakes, so at least we don’t have to worry about an army of remote-control electric vehicles doing a Fate reenactment.
Colombo says he reported the issue to Tesla’s security team, which is investigating the matter.
On a related note, early Wednesday morning, a third-party app called TezLab reported seeing “multiple thousand Tesla Authentication Tokens expiring at the same time.”
The TezLab application uses Tesla’s APIs which all