A teen hacker gains remote control of over 20 Teslas


level 1

Anyone with a Tesla able to speculate what the owners did to create the vulnerability?

He's very clear this is a user config issue, not a vulnerability in Tesla's systems.

level 2

Most likely people running unsecured instances of third-party stats tracking apps like Teslamate.

level 1

This isn't the first or even second time this has happened to Tesla. Might be the first time it has happened where the attacker can be in a completely different geolocation, but the fact that a car has had this many security threats is pretty absurd to me.

level 2

There was an engineer that leaked their software build "platform" and process a while back and I remember how incredibly janky the whole stack was. Like would need several rounds of shoring up to be a house of cards kind of janky.

This is not at all surprising.

level 1

Could play an mp3 with his info if he wants to contact the owners!

level 1

So this appears to be a leak from the 3rd-party app (an unapproved app, as Tesla doesn’t have any approval process!) which connects to the Tesla API using the user's creds (same creds as they use to log into the Tesla app). This 3rd-party app then uses the API to connect and copy some user data and setups and unfortunately leaks this data somewhere. That’s why it only impacts a limited number of users and not all Tesla owners, and also probably why he can’t submit it to the Tesla bug bounty program. Apart from shutting out those users or killing the API completely, there is not a lot Tesla can do (far as I’m aware).

level 1

Any idea why he didn't submit it to a bug bounty program? This would've been sure to result in a big payout.
