David C. is a 19-year-old cyber security researcher who was able to hack into 25 Tesla’s.
The teenager wrote a blog about how he was able to remotely hack into the vehicles via TeslaMate (a tool that tracks data about Tesla’s).
But the security researcher did not reveal the method he used until it had been fixed by Tesla.
According to David, he was able to remotely access features such as unlocking doors and starting the vehicles.
He could also turn the radio on and honk the horn. He could even figure out the car’s exact location.
“There should be no way at all that someone could walk up to some Tesla they do not own and take them for a drive,” David said.
“I also think it potentially could result in some dangerous situations on the road. For example, if someone with remote access starts blasting music on max volume while the driver is on the highway…”
David explained that he was able to use TelaMate to get the car’s API Key and then send commands to the car all without the car owner’s knowledge.
He was also able to contact some of the owners of the Tesla’s that he hacked into.
After he reported the security issue to Tesla, the third-party tool received a software update to fix the flaw.
These days, around one percent of vehicles on the road are electric.
But we know this number is going to drastically increase, because some politicians want to force car makers to be completely electric in the next decade.
Which is concerning, because electric vehicles are not without flaws, especially when it comes to cyber-attacks.
Here’s exactly what I mean…
Third-party apps:
TelsaMate is a third-party app that is self-hosted. It is often used on home computers by Tesla owners.
The app accesses the car’s API to see the car’s data and owner information.
Now, most electric vehicles don’t have a traditional App Store like your smartphone does. Instead, electric vehicle owners can use unofficial ways to use third-party apps.
For instance, Tesla owners can use third-party apps to use features such as trip logs and battery health reports.
The problem is that third-party apps can lead to security flaws such as that seen with TeslaMate.
Public chargers:
Public EV charging stations are popping up all over the country, often located at truck stops and gas stations.
Some of these public charging stations are in remote locations where it makes sense people would need to charge.
But these public charging stations in the middle of nowhere are self-service, without much physical security.
And with just a little effort, someone could break into the computer operating the charger and hack it, and no one would be the wiser.
In fact, there are reports of public chargers displaying pornographic images while people are charging.
Hackers demand a ransom to remove the images from the car’s screen.
Home chargers:
Unfortunately, home charging stations aren’t much safer than public ones.
Security researchers tested six different house charging stations and found they all had security flaws that could be exposed by a cyber-attack.
The security issues are a result of the fact that house chargers allow users to monitor the status of their vehicle via an app.
There have been reports that hackers can turn house chargers on and off. Hackers have even used home EV chargers to access the home’s entire internet network.
The reality is that there will likely come a day when all vehicles will be electric…
Which could mean that our vehicles could be in danger of getting hacked as often as home computers. Let’s just hope the hack does not occur when driving.
Before you ever switch to an electric car, find out what steps the dealership and manufacturer are taking to keep your vehicle safe from hacking.