Budapest Post

Cum Deo pro Patria et Libertate
Budapest, Europe and world news

Teen's Tesla hack shows how vulnerable third-party apps may make cars

Teen's Tesla hack shows how vulnerable third-party apps may make cars

A German teenager says he found a vulnerability in an app installed in some Teslas, which allowed him the ability to unlock doors, flash headlights and blast music. The hack highlights the relative lack of oversight in apps that some drivers can download to their cars.

David Colombo identified a vulnerability in TeslaMate, a third-party app that some Tesla owners use to analyze data from their vehicle. He was able to access 25 Teslas that use the app, and he did not have access to steering, braking or acceleration, which could be especially dangerous.

The exploit did unlock a litany of potential unwelcome possibilities for drivers, the hacker said.

"Imagine music blasts at max volume and every time you want to turn it of [sic] it just starts again or imagine every time you unlock your doors they just lock again," Colombo, the 19-year-old behind the hack, wrote in a Medium post detailing the hack. Colombo said that he could even track the location of Tesla vehicles as their owners went about their day.

Colombo told CNN Business that he immediately reported the vulnerability that enabled the hack to involved parties, including Tesla. Colombo leads a cybersecurity company, and it is not uncommon for security researchers to seek out software vulnerabilities for potential compensation. Tesla offers cash incentives to people who report flaws in its software, but Colombo said he wasn't paid as the vulnerability was in a third-party app, not Tesla infrastructure.

(TeslaMate and Tesla did not respond to a request for comment.)

Cars, including Teslas, have been hacked before. But cybersecurity experts believe this is the first time a vehicle has been hacked through an app that has been granted access direct access to some vehicle controls and data. TeslaMate software is installed on a computer that is not the vehicle, and then accesses the vehicle through its interface for apps. Apps can delight drivers with services their car wouldn't otherwise have, as well as create new revenue for automakers through app-related fees.

But cybersecurity experts caution that the auto industry must mature, as there are growing risks as in-car apps become increasingly common in the years ahead.

"[Automakers] need to think about self-defending cars before self-driving cars," Srinivas Kumar, a vice president at the cybersecurity company DigiCert who leads efforts to protect connected devices, told CNN Business. "If a car can't defend itself from an attack, do you trust it to be self-driving?"

Colombo said that preventing future hacks will require collaboration between automakers, app makers and car owners.

One way to prevent a hack of this nature, he said, would be if Tesla more thoroughly restricted apps' access to data and commands. For example, an app could be restricted to only be able to view data, such as whether the doors are locked, but not be able to unlock them.

"In a perfect world those apps in an app store that you could download to your Tesla wouldn't have access to anything critical," Colombo said.

Third-party apps are increasingly becoming available in new cars. Some newer models offer a limited range of apps on their infotainment system. Some Cadillac drivers can download Spotify, NPR and the Weather Channel, for instance. Newer Ford models offer apps like Waze, Domino's and Pandora.

Tesla has not officially launched a way for app creators to add apps to its vehicles. But tech savvy Tesla enthusiasts have written about how to do so.

Moshe Shlisel, the CEO of Israeli cybersecurity company GuardKnox, said that automakers should scrutinize apps that end up on their vehicles to ensure safety. GuardKnox is developing a way for cars to monitor their apps and shut them down if they're doing something wrong, such as communicating to an off-limits part of the vehicle.

"It's a wake-up call to the entire industry," Shlisel said of Colombo's hack.

He expects that cars in the future will have hundreds of thousands of apps to choose from.

General Motors reviews apps and scans them for vulnerabilities, according to spokesman Darryll Harrison. Ford, which also allows a limited set of apps on some vehicles, declined to comment for this story.

But screening apps displayed on infotainment systems won't stop a person with sophisticated technical abilities from running an app on a vehicle independent of the automaker's approval. This could be done through a USB connection or an over-the-air vulnerability as occurred in the Tesla hack, according to cybersecurity experts.

The National Highway Traffic Safety Administration released best practices for cybersecurity in 2016, but it hasn't created standards for apps installed in vehicles. Neither has the auto industry.

"Right now it's open season," Shlisel said.

AI Disclaimer: An advanced artificial intelligence (AI) system generated the content of this page on its own. This innovative technology conducts extensive research from a variety of reliable sources, performs rigorous fact-checking and verification, cleans up and balances biased or manipulated content, and presents a minimal factual summary that is just enough yet essential for you to function as an informed and educated citizen. Please keep in mind, however, that this system is an evolving technology, and as a result, the article may contain accidental inaccuracies or errors. We urge you to help us improve our site by reporting any inaccuracies you find using the "Contact Us" link at the bottom of this page. Your helpful feedback helps us improve our system and deliver more precise content. When you find an article of interest here, please look for the full and extensive coverage of this topic in traditional news sources, as they are written by professional journalists that we try to support, not replace. We appreciate your understanding and assistance.
Newsletter

Related Articles

0:00
0:00
Close
IMF Upgrades Global Growth Forecast as Weaker Dollar Supports Outlook
House Republicans Move to Defund OECD Over Global Tax Dispute
France Opens Criminal Investigation into X Over Algorithm Manipulation Allegations
Trump Steamrolls EU in Landmark Trade Win: US–EU Trade Deal Imposes 15% Tariff on European Imports
ChatGPT CEO Sam Altman says people share personal info with ChatGPT but don’t know chats can be used as court evidence in legal cases.
Intel Reports Revenue Beats but Sees 81% Rise in Losses
Politics is a good business: Barack Obama’s Reported Net Worth Growth, 1990–2025
UN's Top Court Declares Environmental Protection a Legal Obligation Under International Law
"Crazy Thing": OpenAI's Sam Altman Warns Of AI Voice Fraud Crisis In Banking
The Podcaster Who Accidentally Revealed He Earns Over $10 Million a Year
UK Government Considers Dropping Demand for Apple Encryption Backdoor
Japanese Man Discovers Family Connection Through DNA Testing After Decades of Separation
Russia Signals Openness to Ukraine Peace Talks Amid Escalating Drone Warfare
Switzerland Implements Ban on Mammography Screening
Pogacar Extends Dominance with Stage Fifteen Triumph at Tour de France
President Trump Diagnosed with Chronic Venous Insufficiency After Leg Swelling
CEO Resigns Amid Controversy Over Relationship with HR Executive
NVIDIA Achieves $4 Trillion Valuation Amid AI Demand
Tulsi Gabbard Unveils Evidence Alleging Political Manipulation of Intelligence During Trump Administration
Centrist Criticism of von der Leyen Resurfaces as she Survives EU Confidence Vote
Trump Announces Coca-Cola to Shift to Cane Sugar in U.S. Production
FIFA Pressured to Rethink World Cup Calendar Due to Climate Change
Zelensky Reshuffles Cabinet to Win Support at Home and in Washington
"Can You Hit Moscow?" Trump Asked Zelensky To Make Putin "Feel The Pain"
Church of England Removes 1991 Sexuality Guidelines from Clergy Selection
Superman Franchise Achieves Success with Latest Release
Hungary's Viktor Orban Rejects Agreements on Illegal Migration
Air India Pilot’s Mental Health Records Under Scrutiny
Jamie Dimon Warns Europe Is Losing Global Competitiveness and Flags Market Complacency
Moonshot AI Unveils Kimi K2: A New Open-Source AI Model
Martha Wells Says Humanity Still Far from True Artificial Intelligence
Nvidia Becomes World’s First Four‑Trillion‑Dollar Company Amid AI Boom
EU Delays Retaliatory Tariffs Amid New U.S. Threats on Imports
Trump Proposes Supplying Arms to Ukraine Through NATO Allies
US Opens First Rare Earth Mine in Over 70 Years in Wyoming
Bitcoin Reaches New Milestone of $116,000
Severe Heatwave Claims 2,300 Lives Across Europe
Declining Beer Consumption Signals Cultural Shift in Germany
Emails Leaked: How Passenger Luggage Became a Side Income for Airport Workers
Polish MEP: “Dear Leftists - China is laughing at you, Russia is laughing, India is laughing”
Western Europe Records Hottest June on Record
BRICS Expands Membership with Indonesia and Ten New Partner Countries
Elon Musk Founds a Party Following a Poll on X: "You Wanted It – You Got It!"
China’s Central Bank Consults European Peers on Low-Rate Strategies
France Requests Airlines to Cut Flights at Paris Airports Amid Planned Air Traffic Controller Strike
Poland Implements Border Checks Amid Growing Migration Tensions
Emirates Airline Expands Market Share with New $20 Million Campaign
Amazon Reaches Milestone with Deployment of One Millionth Robot
Yulia Putintseva Calls for Spectator Ejection at Wimbledon Over Safety Concerns
House Oversight Committee Subpoenas Former Jill Biden Aide Amid Investigation into Alleged Concealment of President Biden's Cognitive Health
×