Colombo did not provide specific details on how he obtained access to the vehicle’s system but noted it wasn’t the result of a vulnerability in Tesla’s underlying infrastructure. The researcher claimed he was actively trying to notify the owners of the affected vehicles, and that he would release more technical details once the affected drivers were “able to take appropriate measures.”
Colombo did not immediately respond to Gizmodo’s request for comment and Gizmodo could not independently confirm the veracity of his findings, so please take them with a grain of salt.
That caveat aside, the researcher’s findings seem to have gotten Tesla’s attention. In an update, the researcher said Tesla’s security team had reached out and was launching its own investigation into his findings. Gizmodo reached out to Tesla as well but hasn’t heard back. (Tesla shut down its PR department in 2020 and limits its public comments.)
Advertisement
If Colombo’s claims are true, this wouldn’t be the first time hackers and researchers have gained remote access to Tesla vehicles. In 2020, a security researcher from the U.K. named Lennert Wouters demonstrated how a vulnerability in Tesla’s keyless entry feature could potentially allow bad actors the ability to rewrite a key fobs’ firmware over Bluetooth to unlock and potentially steal a Model X vehicle.
Then, last year, a pair of security researchers were able to remotely hack into a Tesla’s infotainment system using a drone. In that case, the researchers were reportedly able to remotely unlock doors, change seat positions, play music, and mess with the climate control settings.
Advertisement
Tesla addressed each of these vulnerabilities in the past and maintains an active bug bounty program where pre-approved security researchers can register vehicles for testing. Those researchers in turn can reportedly receive anywhere from $100-$15,000 for discovering a qualifying vulnerability. It’s unclear whether or not these rewards would apply to Colombo’s findings.
Regardless, if Colombo’s findings are legitimate, they could add yet another headache for Tesla, which in recent months has had to contend with multiple recalls, a federal investigation, and reports of a first major crash involving its Full Self Driving beta feature.
Advertisement
The most recent recall, which involved 356,309 Model 3 sedans and 119,009 Model S vehicles, revolved around issues with a rearview camera harness and a misaligned latch in the front trunk of certain vehicles. Unlike a previous recall of 11,704 vehicles that Tesla was able to patch via an over-the-air update, it appears some vehicles implicated in the more recent recall required physical repairs in service centers.
Tesla’s FSD beta is also coming under renewed scrutiny this week in California, where the state’s Department of Motor Vehicles is reportedly reviewing the feature to determine whether or not it meets the legal definition of “autonomous,” The Washington Post notes. That’s potentially significant because recognition of Tesla’s vehicles as autonomous under California law could open the company up to new rules and regulations.
Advertisement
“The DMV has notified Tesla that the department will be initiating further review of the technology on their vehicles, including any expansion of the current programs or features,” a DMV spokeswoman told the Post. “If the capabilities of the features meet the definition of an autonomous vehicle according to California law and regulations, DMV will take steps to make certain that Tesla operates under the appropriate autonomous vehicle permits.”
Though Tesla and CEO Elon Musk have exaggerated the ability of its driver assistance features in the past, the company has walked those claims back and stated FSD isn’t currently capable of full autonomy.
Advertisement