Date: 2022-01-11

This is not a vulnerability in Tesla's infrastructure; the hacker states that it is clearly the fault of the car owners. Colombo declined to elaborate on this, but says he is not testing leaked passwords en masse to see if any match. It is therefore a mystery how he managed to access those cars without trying passwords.

And that is what seems to be happening to dozens of Tesla owners. A hacker named David Colombo published a series of tweets yesterday in which he warned that he currently has full control of over 25 Tesla cars in 13 different countries, all without the car owners knowing.

Regarding what I’m able to do with these Tesla’s now.

This includes disabling Sentry Mode, opening the doors / windows and even starting Keyless Driving.

Colombo claims he can run actions remotely on all those cars, including disabling Sentry Mode, opening windows and doors, and even using Keyless Driving, which allows the car to be opened and driven without the key being present. With this feature, the mobile phone acts as the identifier instead of the key, so anyone logged in with your account on a mobile phone can open the car and drive it.

In addition to these dangerous functions, it is also possible to know the exact location of each car, see whether someone is driving it, and much more. It is even possible to play YouTube videos directly on the car screens at maximum volume, which can lead to an accident.

Activate 2-Step Verification on your Tesla account

The Tesla account and mobile app support two-step verification with apps like Google Authenticator. The problem is that enabling it is optional, and although it has been available since October 2020, most users have not turned it on.

Colombo says that he will write in detail about how he gained access to Tesla users' cars in the near future. However, before publishing it, he is going to make sure that all affected cars are protected. In addition, he is waiting to receive a CVE identifier associated with the flaw.

If you have a Tesla, it is best to enable two-step verification for your Tesla account immediately, as you may be putting your car at risk and letting someone steal it if you are reusing passwords (breached or not) or using a password that is too easy. That way, if someone can access your account through this flaw, they still need the unique access code that only you have. This is, of course, assuming that the vulnerability does not allow direct access to an account without the password, which would be even more dangerous.