Subscribe to BBRE Premium and support Ukraine: https://premium.bugbountyexplained.com/
✉️ Sign up for the mailing list: https://mailing.bugbountyexplained.com/
Follow me on Twitter: https://twitter.com/gregxsunday

This video explains a vulnerability that allowed stealing an API token for a Tesla car. Successful exploitation of this bug would allow stealing the Tesla car. The bug was found by David Colombo and reported to Tesla’s bug bounty program.

Other charities:

Get $100 in credits for Digital Ocean: https://m.do.co/c/cc700f81d215

Report: https://medium.com/@david_colombo/how-i-got-access-to-25-teslas-around-the-world-by-accident-and-curiosity-8b9ef040a028
Reporter’s Twitter: https://twitter.com/david_colombo_

00:00 Intro
00:50 How is the TeslaMate application built?
02:56 Leaking the API token
04:00 Finding more vulnerable Teslas
04:33 Was this Tesla’s fault?
04:57 The fix

Photo from the thumbnail used thanks to the courtesy of Tesla, Inc.
