The 19-year-old cybersecurity researcher who remotely accessed several Teslas through a third-party flaw has a new trick: hacking the car owners' email addresses to notify them they're at risk.
This month, David Colombo discovered a flaw in a piece of third-party open-source software that let him remotely hijack some functions on about two dozen Teslas, including opening and closing the doors or honking the horn. In trying to notify the affected car owners, he then found a flaw in Tesla's software for the digital car key that allowed him to learn their email addresses.
Colombo said the defect was in a Tesla application programming interface, or API. After he publicized his first discovery, a Twitter user suggested contact details for the affected owners could be found in the code that allows two pieces of software to communicate with each other, also known as an API endpoint.