Hacker tells how he took control of Tesla cars

“It was really interesting to do this from my bedroom in Germany,” says David Colombo, 19 and neo-celebrity status.

Perhaps the “it” he did inside his home was to take control of various functions of at least 25 Tesla cars in 13 countries, exposing a critical security flaw for the autopilot industry.

The episode took place earlier this year and, says the hacker, had an accidental start. Owner of a cybersecurity company, he provided services for a French company when he needed to study a certain software. In the process, he ended up finding the flaw that gave him access to the vehicles.

And what could he do if he wanted to? Opening doors and windows, finding the vehicle’s location, knowing whether or not someone was inside, fiddling with the radio and flashing lights. Things he claims he didn’t do without the owners’ permission. He had no way to drive them remotely, but he could unlock them and drive the cars around if he was close to them. In addition, of course, to being able to greatly disrupt the life of a driver who was driving them at that moment.

Detected the failure, he notified the company, which responded quickly, fixing the problem. Only after that did he make the story public.

Five years ago, Tesla CEO Elon Musk joked about the dangers of digital security. “In theory, if someone could hack all the self-driving Teslas, they could send them all to Rhode Island. [o menor estado dos EUA]”, it read. “It would be the end of Tesla and there would be a lot of angry people in Rhode Island.”

What happened now shows that the time of the joke is behind us.

“We are getting more and more vulnerable, without a doubt,” Colombo said during the World Government Summit, an annual event held in Dubai, United Arab Emirates. “We’re not talking about cyberattacks that could happen, but attacks that are already happening.”

The hacker had to convince his family and school that his professional life was precisely this real problem.

“I got interested in technology at age 9, when I got my first smartphone,” he says. A year later came the first laptop. “It opened up a whole new world for me. I wanted to know how it works.”

He started programming and discovered vulnerabilities in the code he wrote. That’s where the interest in cybersecurity was born. “I spent all my time learning. Three in the morning I was sitting in front of my laptop.”

Naturally, there was no time for school. He got a special permit to go to school no more than twice a week and went on to dedicate himself to his new company.

“You don’t have to go to university to learn about cybersecurity. It’s not like becoming a doctor. You can use the internet to learn about the internet,” he says. “What’s behind this isn’t magic.”

Journalist Roberto Dias traveled at the invitation of the United Arab Emirates News Agency