A security researcher identified a vulnerability in the third-party software TeslaLogger, used for data collection in Tesla vehicles, due to insecure default settings allowing unauthorized access. The vulnerabilities in TeslaLogger, an open-source logger for Tesla cars, were exploited by the researcher to access the cars' data and API keys, potentially granting full control over the vehicles. This issue was due to Tesla integrations requesting excessive permissions, susceptible to compromise the car's state
Despite Tesla's Role-Based Access Control, compromised tokens could grant attackers remote control. The researcher responsibly disclosed the vulnerabilities and worked with the software maintainer to address the weaknesses, including securing API credentials and adding authentication measures. This incident highlights the risks posed by third-party software in compromising the security of Tesla vehicles and emphasizes the importance of prompt mitigation and collaboration between researchers and developers to enhance cybersecurity. ```https://cybersecuritynews.com/30-tesla-cars-hacked/