The Big Tesla Hack: A hacker gained control over the entire fleet

AmiMoJo writes: A few years ago, a hacker managed to exploit vulnerabilities in Tesla’s servers to gain access and control over the automaker’s entire fleet. In July 2017, Tesla CEO Elon Musk got on stage at the National Governors Association in Rhode Islandand confirmed that a “fleet-wide hack” is one of Tesla’s biggest concerns as the automaker moves to autonomous vehicles. What Musk knew that the public didn’t was that Tesla got a taste of that actually happening just a few months prior to his talk.

Back in 2017, Jason Hughes was already well known in the Tesla community under his WK057 alias on the forums. The hacker told Electrek: “I realized a few of these things could be chained together, the official term is a bug chain, to gain more access to other things on their network. Eventually, I managed to access a sort of repository of server images on their network, one of which was ‘Mothership’.” Mothership is the name of Tesla’s home server used to communicate with its customer fleet.

After downloading and dissecting the data found in the repository, Hughes started using his car’s VPN connection to poke at Mothership. He eventually landed on a developer network connection. That’s when he found a bug in Mothership itself that enabled him to authenticate as if it was coming from any car in Tesla’s fleet. All he needed was a vehicle’s VIN number, and he had access to all of those through Tesla’s “tesladex” database thanks to his complete control of Mothership, and he could get information about any car in the fleet and even send commands to those cars.

It’s at that point that Hughes decided to compile a bug report. Within minutes of receiving that email on that Friday afternoon in March of 2017, Tesla called Hughes. Hughes asked Tesla to give him the VIN number of the Tesla vehicle closest to him. The hacker proceeded to “summon” the car, which was in California, from his home in North Carolina.