A 19-year-old security researcher from Germany claims to have remote access to more than 25 Tesla cars in 13 countries.
David Colombo, who has previously claimed to have found vulnerabilities in the US Department of Defence, said in a Twitter thread that a software flaw gave him remote command of the cars without the owners’ knowledge.
While not giving full remote control access to drive the car, Mr Colombo says he could disable security systems, open doors and windows, start the engine, flashlights, play music and “remotely rick roll the affected owners by playing Rick Astley on Youtube in their Teslas”.
He said the vulnerability was the “fault” of the owner and not in Tesla’s infrastructure, adding that he could see if a driver is in the car and could identify its exact location.
“It’s primarily the owners (& a third party) fault,” Mr Colombo told Bloomberg News.
Tesla did not respond to The Independent’s request for comment, but Mr Colombo said the company’s security team confirmed to him they are investigating the vulnerability.
“I think it‘s pretty dangerous, if someone is able to remotely blast music on full volume or open the windows/doors while you are on the highway,” Mr Colombo said in a tweet.
“Even flashing the lights non-stop can potentially have some (dangerous) impact on other drivers.”
The claims went viral online with more than 6,000 likes, but the details of the vulnerabilities have not been made public.
Tesla has a bug bounty program for researchers that can hack the car’s systems or identify vulnerabilities, with that rewards reportedly ranging from a free Model 3 to as much as $15,000.
Mr Colombo did not respond to questions about his claims by the time of publication.