This was a vulnerability in the default Grafana config [1] of https://github.com/adriankumpf/teslamate, which allows a Tesla owner to use the Tesla API on their own infra to log data from the vehicle. It appears Tesla deauthorized auth tokens en masse due to this [2].
Did anyone bother to check that this bug has nothing to do with Tesla before proudly announcing their EM hatred? It was a 3rd party app that asked users to hand over their email address and password.
This headline is dishonest reporting honestly and I’m really saddened when I see ars technica do this. They chip away at the truth for a few clicks. To say a hacker is “controlling” an electric car means that he is driving it around and there is absolutely no other reasonable interpretation of that headline. So the headline imprints itself in the minds of thousands who never read the article where it says the hacker actually doesn’t control the car… ars gets their traction and Tesla has something stolen from them unjustly. It’s sickening. You can dislike Elon musk but when you are polluting the air with lies then you are just scum.
8 comments
[ 3.1 ms ] story [ 33.3 ms ] thread[1] https://github.com/adriankumpf/teslamate/commit/fff6915e7364... (relevant commit)
[2] https://twitter.com/TezLabApp/status/1481180064926547969
Imagine an attack like this one that did a supply chain attack on the next firmware update to all vehicles: https://arstechnica.com/information-technology/2018/02/tesla...
> David Colombo says it's the owners' faults, not an infrastructure vulnerability.
So, to answer your question, yes someone did bother to check.