London Daily

Focus on the big picture.
Friday, Jul 17, 2026

Teen's Tesla hack shows how vulnerable third-party apps may make cars

Teen's Tesla hack shows how vulnerable third-party apps may make cars

A German teenager says he found a vulnerability in an app installed in some Teslas, which allowed him the ability to unlock doors, flash headlights and blast music. The hack highlights the relative lack of oversight in apps that some drivers can download to their cars.

David Colombo identified a vulnerability in TeslaMate, a third-party app that some Tesla owners use to analyze data from their vehicle. He was able to access 25 Teslas that use the app, and he did not have access to steering, braking or acceleration, which could be especially dangerous.

The exploit did unlock a litany of potential unwelcome possibilities for drivers, the hacker said.

"Imagine music blasts at max volume and every time you want to turn it of [sic] it just starts again or imagine every time you unlock your doors they just lock again," Colombo, the 19-year-old behind the hack, wrote in a Medium post detailing the hack. Colombo said that he could even track the location of Tesla vehicles as their owners went about their day.

Colombo told CNN Business that he immediately reported the vulnerability that enabled the hack to involved parties, including Tesla. Colombo leads a cybersecurity company, and it is not uncommon for security researchers to seek out software vulnerabilities for potential compensation. Tesla offers cash incentives to people who report flaws in its software, but Colombo said he wasn't paid as the vulnerability was in a third-party app, not Tesla infrastructure.

(TeslaMate and Tesla did not respond to a request for comment.)

Cars, including Teslas, have been hacked before. But cybersecurity experts believe this is the first time a vehicle has been hacked through an app that has been granted access direct access to some vehicle controls and data. TeslaMate software is installed on a computer that is not the vehicle, and then accesses the vehicle through its interface for apps. Apps can delight drivers with services their car wouldn't otherwise have, as well as create new revenue for automakers through app-related fees.

But cybersecurity experts caution that the auto industry must mature, as there are growing risks as in-car apps become increasingly common in the years ahead.

"[Automakers] need to think about self-defending cars before self-driving cars," Srinivas Kumar, a vice president at the cybersecurity company DigiCert who leads efforts to protect connected devices, told CNN Business. "If a car can't defend itself from an attack, do you trust it to be self-driving?"

Colombo said that preventing future hacks will require collaboration between automakers, app makers and car owners.

One way to prevent a hack of this nature, he said, would be if Tesla more thoroughly restricted apps' access to data and commands. For example, an app could be restricted to only be able to view data, such as whether the doors are locked, but not be able to unlock them.

"In a perfect world those apps in an app store that you could download to your Tesla wouldn't have access to anything critical," Colombo said.

Third-party apps are increasingly becoming available in new cars. Some newer models offer a limited range of apps on their infotainment system. Some Cadillac drivers can download Spotify, NPR and the Weather Channel, for instance. Newer Ford models offer apps like Waze, Domino's and Pandora.

Tesla has not officially launched a way for app creators to add apps to its vehicles. But tech savvy Tesla enthusiasts have written about how to do so.

Moshe Shlisel, the CEO of Israeli cybersecurity company GuardKnox, said that automakers should scrutinize apps that end up on their vehicles to ensure safety. GuardKnox is developing a way for cars to monitor their apps and shut them down if they're doing something wrong, such as communicating to an off-limits part of the vehicle.

"It's a wake-up call to the entire industry," Shlisel said of Colombo's hack.

He expects that cars in the future will have hundreds of thousands of apps to choose from.

General Motors reviews apps and scans them for vulnerabilities, according to spokesman Darryll Harrison. Ford, which also allows a limited set of apps on some vehicles, declined to comment for this story.

But screening apps displayed on infotainment systems won't stop a person with sophisticated technical abilities from running an app on a vehicle independent of the automaker's approval. This could be done through a USB connection or an over-the-air vulnerability as occurred in the Tesla hack, according to cybersecurity experts.

The National Highway Traffic Safety Administration released best practices for cybersecurity in 2016, but it hasn't created standards for apps installed in vehicles. Neither has the auto industry.

"Right now it's open season," Shlisel said.

Newsletter

Related Articles

0:00
0:00
Close
Tech Companies Want to Move Computing Off Your Screen and Onto Your Body
White House Teleprompter Operator Earned More Than $100,000 From Bets Linked to the President's Speeches
UK Government Faces Pressure Over Extreme Heat Workplace Rules
Lewisham Council Blocks Cooperation With Home Office Immigration Enforcement
UK Parliament Investigates Growing Pressures on Scotch Whisky Industry
Teen Hackers Sentenced Over Thirty-Nine Million Pound Transport for London Cyber Attack
Ministry of Defence Acquires Scottish Fuel Terminal to Strengthen Royal Navy Operations
Bank of England Eases Rules as Economic Growth Remains Weak
Bank of England Governor Warns Andy Burnham on Britain’s Long Economic Stagnation
UK Defence Ministry Buys Scottish Fuel Terminal to Secure Naval Energy Supplies
UK Secures Access to European Defence Contracts Through Ukraine Support Deal
Bank of England Plans Easier Capital Rules to Encourage More Lending
Met Office Says England and Wales Have Already Broken Summer Heat Records
Counter-Terrorism Police Lead Investigation Into Murder of Former Minister Ann Widdecombe
UK Government Nationalises British Steel to Protect Domestic Steel Production
French National Assembly Overrides Senate to Pass Historic Assisted-Dying Legislation
Spanish Prime Minister's Wife Ordered to Stand Trial as Corruption Probes Encircle Governing Party
Zelensky Faces Kyiv Protests Over Ousting of Dynamic Ukrainian Defense Minister
Colombia Influencer Dies After Cosmetic Procedure at Unlicensed Bogota Salon
Thomas Tuchel Faces Fierce Backlash After Tactical Retreat Costs England World Cup Final Berth
A Quiet Bastille Day: France Grapples with World Cup Heartbreak and Leftover Fireworks
Canadian Wildfire Crisis Triggers Transnational Air Quality Alerts Ahead of Soccer Finale
UK Housing Reform Debate Intensifies Over Tenant Protection Measures
UK Defence Official Challenges Russian Narrative on NATO Readiness and European Security
UK Names Independent Member to Judicial Pension Board to Strengthen Oversight
UK Parliamentary Committee Sets New Framework for Select Committee Leadership Roles
UK Government Pushes Energy Savings Through School Solar Expansion Plan
UK Committee Reviews Future of Gaelic Broadcasting and Language Support
UK Government Expands Industrial Skills Support in Wales as Steel Sector Faces Change
UK Rejects Russian Claims That European Defence Spending Is Aggressive
UK Schools and Gaelic Broadcasting Among Areas Reviewed in New Parliamentary Inquiries
UK Housing Committee Calls for Stronger Tenant Protections Under Rental Reform Plans
UK Government Faces Pressure for Stronger Oversight After South East Water Failings Report
UK Parliament Opens Inquiry Into Safety of Women and Girls on Public Transport
UK Defence Ministry Appoints Interim Chief Defence Medical Officer During Transition Period
UK Government Announces Five Million Pound Skills Programme for Young People in Port Talbot
UK Government Launches Solar Programme to Cut Energy Costs for Schools
Met Office Warns Extreme Weather Is Becoming More Common Across the UK
UK Government Faces Internal Debate Over New Chancellor Appointment Under Andy Burnham
Andy Burnham Set to Become UK Prime Minister After Keir Starmer’s Resignation
UK Economy Grows Slightly in May as Supply Chain Disruptions Continue to Weigh on Industry
British Steel Moves Into UK Public Ownership to Protect Domestic Steel Production and Jobs
Spain in Ecstasy: "We Feel Unbeatable, We Taught the Whole World a Lesson"
Spain and UK Dismantle Gibraltar Border Following Landmark Schengen Integration Treaty
Church of England Rejects Plan to Rewild Thirty Percent of Land by 2030
UK Parliament Examines Future of Gaelic Broadcasting in Scotland
Thames Water Faces Criticism Over Four Million Pounds in Bonus Payments
South East Water Crisis Puts UK Water Regulation Under Renewed Scrutiny
UK Report Highlights Racial Inequality in Homelessness Support Services
UK Government Defends Proposed Social Media Curfew for Teenagers Despite Criticism
×