A Hacker Reportedly Gained Access to Tesla’s Entire Fleet
A new Electrek story details the saga of Jason Hughes, a whitehat hacker who says he managed to gain a flabbergasting level of access to Tesla’s internal servers — managing to seize control of the company’s entire fleet of electric vehicles.
The alleged hack took place back in March 2017, and Hughes immediately alerted Tesla’s security team, which quickly patched the security hole. Still, it’s a fascinating glimpse at the perils of connected vehicles.
Hughes told Electrek that he pulled the hack off by discovering an escalating series of weaknesses in Tesla’s fleet management systems. Eventually, he gained access so deep that he could look up the location of individual Tesla vehicles and even activate their “Summon” feature, causing them to drive remotely. Electrek‘s Fred Lambert, who apparently knew about the hack at the time, said that Hughes was able to provide the precise location and other information about his own Tesla.
Because of the gravity of the situation, Hughes said that he contacted the company’s head of software security directly, who asked him to prove the hack by activating the Summon feature on a car in California. After Hughes did so successfully, and submitted a vulnerability report that he has now shared online, he says that Tesla paid him an unprecedented $50,000 bug bounty.