German researcher David Colombo has made an important discovery about the safety of Tesla cars. He claims to have obtained full control of 25 of the automaker’s cars by breaking into their systems through the unofficial TeslaMate app, which owners use to get an overview of the vehicle’s operation.
According to him, the failure occurred through the app’s programming interface (API), which generally cannot be accessed unless the vehicle owner uses passwords and other confirmations to do so. However, in a quick internet search, Colombo found that many owner profiles were unprotected and looked into the reasons for this.
With full access to these people’s app APIs, Colombo explained that he can control many cars in Europe, Canada and the United States, accessing GPS maps, unlocking doors, starting the engine and even choosing the temperature of the air conditioning.
So, I now have full remote control of over 20 Tesla’s in 10 countries and there seems to be no way to find the owners and report it to them…
— David Colombo (@david_colombo_) January 10, 2022
Although this vulnerability is not internal to Tesla, many users are concerned and have doubts about the ability of the cars to protect their data. Teslas are connected cars and are constantly being updated, while the TeslaMate app is external and optional.
What does the app developer say?
According to Colombo, TeslaMate’s structural flaws also involve its users: according to him, it is possible, for example, to allow anonymous access in the app. For the people who were “invaded”, that was part of the problem.
To resolve the issue, the researcher sent an email to Adrian Kumpf, the TeslaMate developer, who soon sent patches for the application individually and then, without fanfare, to all users. According to him, anyone who had configured the advanced settings correctly was not at risk.