Tesla did not respond to a request for comment sent to several email addresses, including the company’s investor relations inbox, the press inbox, and one to report security vulnerabilities.

Colombo stressed that the issues he found are not Tesla’s fault. The only Teslas that were exposed were those whose owners used a specific third-party app.

Without getting too specific, the crux of the issue was that the third-party app communicates with Tesla to pull the car owner’s data through the company’s API. The problem is that the app exposes the private API key of many owners to the internet, where everyone who knows where to look—like Colombo—can find it.

Do you research vulnerabilities on Teslas or other cars? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email lorenzofb@vice.com