The teenager has gained remote access to over 25 Tesla around the world.Location of cars, opening the door, starting the car ...


A 19-year-old from Germany describes his adventure in gaining access to the cars here.

Step by step, the whole action looked like this:

  1. Locating TeslaMate software instances on the internet (Google, Shodan, Zoomeye ...)

After connecting with a browser, the location of a "random" car (i.e. the one configured in that TeslaMate instance) is visible here:

The next step (i.e. the Dashboards tab) could not be reached, however, so other entry points were looked for with NMAP:

Oh, maybe you will get to play Freeciv in a Tesla? (port 5555). Not necessarily ;) because on this port you can see a map of routes, the speed on those routes, or the car's current location:


2. Okay, fine, but what about opening the car?

Well, on another port there was a Grafana instance containing the Grafana Explore component (which allows arbitrary queries). Access to it does require a login, but the default Grafana installation (shipped with TeslaMate) had the default credentials: admin:admin :-)
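The two conditions that made this step possible are a Grafana left on its default admin:admin credentials and dashboards published on every network interface. The audit below is an added example written for this article, not code from the original post or from the TeslaMate project: it walks a TeslaMate-style docker-compose service definition (a constructed sample, modelled on the layout such a deployment typically has) and flags both weaknesses, with a hardened variant beside the weak one. `GF_SECURITY_ADMIN_USER` and `GF_SECURITY_ADMIN_PASSWORD` are Grafana's real environment variables; the function names and the sample password are assumptions of this example.

```python
# Added example, not from the original article or the TeslaMate project.
# Audits compose-style service definitions for (a) Grafana reachable with its
# default/weak admin credentials and (b) ports published on all interfaces
# instead of being bound to localhost (and fronted by something that does auth).

DEFAULT_GRAFANA_PASSWORDS = {"admin"}   # Grafana ships with admin/admin
MIN_PASSWORD_LEN = 12


def normalize_env(env):
    """Compose allows 'environment' as a dict or as a list of KEY=value strings."""
    if isinstance(env, dict):
        return dict(env)
    out = {}
    for item in env or []:
        key, _, value = str(item).partition("=")
        out[key] = value
    return out


def port_is_public(mapping):
    """A compose 'ports' entry like "3000:3000" binds 0.0.0.0 on the host;
    "127.0.0.1:3000:3000" is loopback only."""
    parts = str(mapping).split(":")
    if len(parts) == 3:                       # HOST_IP:HOST_PORT:CONTAINER_PORT
        return parts[0] not in ("127.0.0.1", "::1", "localhost")
    return True                               # HOST:CONTAINER or CONTAINER only


def audit_service(name, svc):
    findings = []
    env = normalize_env(svc.get("environment"))
    if "grafana" in name or "grafana" in svc.get("image", ""):
        user = env.get("GF_SECURITY_ADMIN_USER", "admin")
        password = env.get("GF_SECURITY_ADMIN_PASSWORD", "admin")  # Grafana default
        if (password in DEFAULT_GRAFANA_PASSWORDS
                or password == user
                or len(password) < MIN_PASSWORD_LEN):
            findings.append(f"{name}: Grafana admin password is default or weak")
    for mapping in svc.get("ports", []):
        if port_is_public(mapping):
            findings.append(f"{name}: port mapping {mapping!r} is published on all interfaces")
    return findings


def audit_compose(services):
    """Return every finding across all services (empty list == nothing flagged)."""
    findings = []
    for name, svc in services.items():
        findings.extend(audit_service(name, svc))
    return findings


# Constructed sample: the shape of a default-style deployment.
WEAK_COMPOSE = {
    "teslamate": {
        "image": "teslamate/teslamate:latest",
        "ports": ["4000:4000"],
    },
    "grafana": {
        "image": "teslamate/grafana:latest",
        "ports": ["3000:3000"],
        "environment": {
            "GF_SECURITY_ADMIN_USER": "admin",
            "GF_SECURITY_ADMIN_PASSWORD": "admin",
        },
    },
}

# Constructed sample: same services bound to loopback with a non-default password
# (the password value is a placeholder for this example).
HARDENED_COMPOSE = {
    "teslamate": {
        "image": "teslamate/teslamate:latest",
        "ports": ["127.0.0.1:4000:4000"],
    },
    "grafana": {
        "image": "teslamate/grafana:latest",
        "ports": ["127.0.0.1:3000:3000"],
        "environment": [
            "GF_SECURITY_ADMIN_USER=admin",
            "GF_SECURITY_ADMIN_PASSWORD=EXAMPLE-long-random-secret-here",
        ],
    },
}

if __name__ == "__main__":
    for label, compose in (("weak", WEAK_COMPOSE), ("hardened", HARDENED_COMPOSE)):
        print(f"[{label}]")
        for line in audit_compose(compose) or ["no findings"]:
            print("  ", line)
```

Binding to loopback only removes the direct exposure; in practice the dashboards are then put behind a reverse proxy that authenticates, and the Grafana password is set once and never left at the shipped default.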

What next? With a suitable query in Grafana, the API key could be pulled out, and that key already gave access to the Tesla API.

3. With the API key, one could perform, among other things, operations such as:

It could be done this way:

What's more - as is often the case with API keys - changing the password of the Tesla account did not revoke API access obtained with the stolen key.

Everything was reported to Tesla (which revoked thousands of API keys) and to the creators of TeslaMate (who introduced appropriate patches).

~ Michał Sajdak