Cars today are increasingly sophisticated, so much so that we often describe them as computers on 4 wheels. But this also means they are now potentially exposed to risks that in the past affected only the world of information technology.
This is no small problem, since cars will be increasingly connected in the future. Car manufacturers are therefore called upon to pay attention to the security of their cars' software as well.
On the topic of cars and security, an interesting piece of news has brought this issue back to the fore. David Colombo, a 19-year-old who describes himself as a security expert, hacker and founder of a startup that deals with cyber security, said in a series of tweets that he had identified a vulnerability that allowed him to remotely “take control” of more than 25 Teslas located in at least 13 different countries.
Yes, I potentially could unlock the doors and start driving the affected Tesla’s.
No I can not intervene with someone driving (other than starting music at max volume or flashing lights) and I also can not drive these Tesla’s remotely.
[7/7]
— David Colombo (@david_colombo_) January 11, 2022
Taking control does not mean that it is possible to remotely operate the accelerator and steering, but that an attacker could potentially unlock the doors, open the windows, start the car, disable the vehicle’s security systems (Sentry Mode) and more. Colombo also said he can see whether a person is present in the car, start the audio system and turn on the headlights.
Colombo explains that these are actions that can create potentially dangerous situations. The precise details of the flaw have not been provided for security reasons. However, Colombo points out that the vulnerability does not concern Tesla’s infrastructure. The “fault”, if we want to call it that, would lie with the individual Tesla owners affected by the flaw.
Since these important facts seem to drown between other comments, I’ll add them here again 👇
This is not a vulnerability in Tesla’s infrastructure. It’s the owners faults. That’s why I would need to report this to the owners as stated above.
[1/X]
— David Colombo (@david_colombo_) January 11, 2022
The details, as mentioned, have not been revealed, but the problem could concern the third-party apps that some Tesla users use for a series of functions in the absence of an official app. Unsurprisingly, Colombo’s tweets soon made the rounds online, causing a lot of discussion. Colombo then said he was in contact with Tesla’s security team, which is investigating the issue.
This episode has put the spotlight back on the issue of car software security. As mentioned at the beginning, this is an area on which manufacturers will have to work a lot. An attacker who somehow takes control of a car remotely can cause major problems that can potentially put drivers and all road users at risk.
The problem, however, is not new. Even in the past, before the advent of the new “super-connected” cars, there were incidents. Think, for example, of the hacking of keyless systems. In any case, thanks to the spread of OTA updates, car manufacturers will be able to intervene quickly to close any security flaws.