class=article-title id=articleTitle>Teen Tesla hacker accessed owners’ emails to warn them

The 19-year-old cybersecurity researcher who remotely accessed dozens of Tesla vehicles through a third-party flaw has a new trick: hacking the car owners’ email addresses to notify them they’re at risk.

Advertisement 2

Story continues below

This advertisement has not loaded yet, but your article continues below.

Article content

Earlier this month, David Colombo discovered a flaw in a piece of third-party open-source software that let him remotely hijack some functions on about two dozen Teslas, including opening and closing the doors or honking the horn. In trying to notify the affected car owners, he then found a flaw in Tesla’s software for the digital car key that allowed him to learn their email addresses.

We apologize, but this video has failed to load.

Try refreshing your browser, or

tap here to see other videos from our team.

Teen Tesla hacker accessed owners’ emails to warn them Back to video

We apologize, but this video has failed to load.

Try refreshing your browser, or

tap here to see other videos from our team.

Play Video

Colombo said the defect was in a Tesla application programming interface, or API. After he publicized his first discovery, a Twitter user suggested contact details for the affected owners could be found in the code that allows two pieces of software to communicate with each other, also known as an API endpoint.

“Once I was able to figure out the endpoint, I was indeed able to carry the email address associated with the Tesla API key, the digital car key,” Colombo said in an interview Monday with Bloomberg Television. “You shouldn’t be able to carry sensitive information like an email address using an access that is already expired or revoked.”

Advertisement 3

Story continues below

This advertisement has not loaded yet, but your article continues below.

Article content

Recommended from Editorial

These are the 4 top hacking vulnerabilities in today’s cars 

Teen hacker claims ability to control 25 Teslas worldwide

The teenager, from Dinkelsbühl, Germany, said he has shared the additional vulnerability with Tesla, and the car company’s engineers have written a fix to prevent it from happening in the future.

Learn more about the cars

PREV

2023 Tesla Model 3

4.25

out of 5

MSRP  $53,990 to $73,290

Add to Compare Remove Vehicle

2023 Tesla Model Y

4.50

out of 5

MSRP  $57,990 to $74,290

Add to Compare Remove Vehicle

2023 Tesla Model S

4.50

out of 5

MSRP  $99,990 to $124,990

Add to Compare Remove Vehicle

2023 Tesla Model X

4.50

out of 5

MSRP  $109,990 to $130,990

Add to Compare Remove Vehicle

NEXT

Tesla didn’t respond to a request for comment. Colombo said his additional discovery should be eligible for a “bug bounty” from Tesla — consistent with the company’s policy — but officials there haven’t confirmed an amount with him. He joked that he hopes the sum is big enough to cover the coffee bill he’s amassed working on the original flaw the last two weeks.

Share this article in your social network

If you liked this short article and you would like to get additional facts regarding Valentine’s Day Cards kindly stop by the web-site.