Big Hack
A new Electrek story details the saga of Jason Hughes, a white hat hacker who says he managed to gain a flabbergasting level of access to Tesla’s internal servers — managing to seize control of the company’s entire fleet of electric vehicles.
The alleged hack took place back in March 2017, and Hughes immediately alerted Tesla’s security team, which quickly patched the security hole. Still, it’s a fascinating glimpse at the perils of connected vehicles.
Security Breach
Hughes told Electrek that he pulled the hack off by discovering an escalating series of weaknesses in Tesla’s fleet management systems. Eventually, he gained access so deep that he could look up the location of individual Tesla vehicles and even activate their “Summon” feature, causing them to drive remotely. Electrek’s Fred Lambert, who apparently knew about the hack at the time, said that Hughes was able to provide the precise location and other information about his own Tesla.
Because of the gravity of the situation, Hughes said that he contacted the company’s head of software security directly, who asked him to prove the hack by activating the Summon feature on a car in California. After Hughes did so successfully, and submitted a vulnerability report that he has now shared online, he says that Tesla paid him an unprecedented $50,000 bug bounty.
Electric Gravy
Surprisingly, Electrek pointed out, Musk appeared to allude to the secret hack onstage at an event, just a few months after it happened.
“In principle, if someone was able to say hack all the autonomous Teslas, they could say — I mean just as a prank — they could say ‘send them all to Rhode Island’ — across the…