Colombo said the defect was in a Tesla application programming interface, or API. After he publicized his first discovery, a Twitter user suggested contact details for the affected owners could be found in the code that allows two pieces of software to communicate with each other, also known as an API endpoint.
Read more: Teen cyber prodigy stumbled onto flaw letting him hijack Teslas
“Once I was able to figure out the endpoint, I was indeed able to carry the email address associated with the Tesla API key, the digital car key,” Colombo said in an interview Monday with Bloomberg Television. “You shouldn’t be able to carry sensitive information like an email address using an access that is already expired or revoked.”
The teenager, from Dinkelsbühl, Germany, said he has shared the additional vulnerability with Tesla, and the car company’s engineers have written a fix to prevent it from happening in the future.
Tesla didn’t respond to a request for comment. Colombo said his additional discovery should be eligible for a “bug bounty” from Tesla — consistent with the company’s policy — but officials there haven’t confirmed an amount with him. He joked that he hopes the sum is big enough to cover the coffee bill he’s amassed working on the original flaw the last two weeks.
Become an Insider
Comments - share your knowledge and experience
Please note you must be a Maverick Insider to comment. Sign up here or sign in if you are already an Insider.
Everybody has an opinion but not everyone has the knowledge and the experience to contribute meaningfully to a discussion. That’s what we want from our members. Help us learn with your expertise and insights on articles that we publish. We encourage different, respectful viewpoints to further our understanding of the world. View our comments policy here.
No Comments, yet