A young hacker and IT security researcher found a way to remotely interact with more than 25 Tesla electric vehicles in 13 countries, according to a Twitter thread he posted yesterday.

David Colombo explained in the thread that the flaw was “not a vulnerability in Tesla’s infrastructure. It’s the owner’s faults.” He claimed to be able to disable a car’s remote camera system, unlock doors and open windows, and even begin keyless driving. He could also determine the car’s exact location.

[…]

On a related note, early on Wednesday morning, a third-party Tesla app called TezLab reported that it saw the “simultaneous expiry of several thousand Tesla authentication tokens from Tesla’s side.” TezLab’s app makes use of Tesla APIs that allow apps to do things like log in to the car and enable or disable the anti-theft camera system, unlock the doors, open the windows, and so on.

Source: Teen hacker finds bug that lets him control 25+ Teslas remotely | Ars Technica

[…]

Commissioners told the court that all of Bernalillo County, which covers the US state of New Mexico’s largest city Albuquerque, had been affected by a January 5, 2022, ransomware attack, including the Metropolitan Detention Center (MDC) that houses some of the state’s incarcerated.

[…]

Over the phone, a spokesperson for the facility told The Register on Wednesday that services are still being repaired.

The attack took automatic security doors offline on January 5th, requiring officials to open doors manually with keys until that particular function could be revived.

Officials said in their filing that County-operated databases, servers, and internet service had been compromised. At MDC, this has meant limited access to email and no access to County wireless internet. This is particularly problematic, the officials say, because the MDC’s structure and location interferes with cellular service.

“One of the most concerning impacts of the cyber attack is that MDC is unable to access facility cameras,” they explained. “As of the evening of January 5th, there was no access to cameras within the facility.”

MDC instituted a temporary lockdown in response to the situation. Court-related video conferences are also not happening.

Several County databases at MDC are also believed to have been corrupted by the attack.

“The Incident Tracking System (ITS), the database in which MDC creates and houses all incident reports, including inmate fights, use of force, allegations of violations of the Prison Rape Elimination Act, is not currently available as it is suspected to be corrupted by the attack,” the filing states.

“Further, the Offender Management System (OMS) which MDC uses to store and access information about inmates including inmate account data is likewise unavailable at the present.”

[…]

The plaintiffs in the case have taken the opportunity to submit the statement [PDF] of a registered nurse who announced that she was quitting her job at MDC because of concerns about conditions there. The nurse, Taileigh Sanchez, describes dire staff shortages at MDC and problems with a new electronic medical records system, issues that have been made worse by the ransomware attack.

The attack denied access to current medical records, she said, which may have prevented some inmates from getting their medications.

Sanchez said she told supervisors about her concerns – which date back before the ransomware hit – but faced retaliation. “Even though I like my job, and have even been here 11 years, I will be resigning my full-time position effective immediately due to the safety concerns I have for our clientele and our staff,” she said in her declaration.

Source: Ransomware puts New Mexico prison in lockdown • The Register