📧 Subscribe to BBRE Premium and support Ukraine: https://premium.bugbountyexplained.com/
✉️ Sign up for the mailing list: https://mailing.bugbountyexplained.com/
📣 Follow me on Twitter: https://twitter.com/gregxsunday

This video explains a vulnerability that allowed stealing an API token for a Tesla car. Successful exploitation of this bug would allow stealing the car itself. The bug was found by David Colombo and reported to Tesla’s bug bounty program.

Other charities:
https://www.siepomaga.pl/en/pah-ukraina
https://pck.pl/na-pomoc-ukrainie/
https://bank.gov.ua/ua/news/all/natsionalniy-bank-vidkriv-spetsrahunok-dlya-zboru-koshtiv-na-potrebi-armiyi

🖥 Get $100 in credits for Digital Ocean: https://m.do.co/c/cc700f81d215

Report: https://medium.com/@david_colombo/how-i-got-access-to-25-teslas-around-the-world-by-accident-and-curiosity-8b9ef040a028
Reporter’s Twitter: https://twitter.com/david_colombo_

Timestamps:
00:00 Intro
00:50 How is the TeslaMate application built?
02:56 Leaking the API token
04:00 Finding more vulnerable Teslas
04:33 Was this Tesla’s fault?
04:57 The fix

Thumbnail photo used courtesy of Tesla, Inc.
