London Daily

Focus on the big picture.
Friday, Sep 12, 2025

Teen's Tesla hack shows how vulnerable third-party apps may make cars

Teen's Tesla hack shows how vulnerable third-party apps may make cars

A German teenager says he found a vulnerability in an app installed in some Teslas, which allowed him the ability to unlock doors, flash headlights and blast music. The hack highlights the relative lack of oversight in apps that some drivers can download to their cars.

David Colombo identified a vulnerability in TeslaMate, a third-party app that some Tesla owners use to analyze data from their vehicle. He was able to access 25 Teslas that use the app, and he did not have access to steering, braking or acceleration, which could be especially dangerous.

The exploit did unlock a litany of potential unwelcome possibilities for drivers, the hacker said.

"Imagine music blasts at max volume and every time you want to turn it of [sic] it just starts again or imagine every time you unlock your doors they just lock again," Colombo, the 19-year-old behind the hack, wrote in a Medium post detailing the hack. Colombo said that he could even track the location of Tesla vehicles as their owners went about their day.

Colombo told CNN Business that he immediately reported the vulnerability that enabled the hack to involved parties, including Tesla. Colombo leads a cybersecurity company, and it is not uncommon for security researchers to seek out software vulnerabilities for potential compensation. Tesla offers cash incentives to people who report flaws in its software, but Colombo said he wasn't paid as the vulnerability was in a third-party app, not Tesla infrastructure.

(TeslaMate and Tesla did not respond to a request for comment.)

Cars, including Teslas, have been hacked before. But cybersecurity experts believe this is the first time a vehicle has been hacked through an app that has been granted access direct access to some vehicle controls and data. TeslaMate software is installed on a computer that is not the vehicle, and then accesses the vehicle through its interface for apps. Apps can delight drivers with services their car wouldn't otherwise have, as well as create new revenue for automakers through app-related fees.

But cybersecurity experts caution that the auto industry must mature, as there are growing risks as in-car apps become increasingly common in the years ahead.

"[Automakers] need to think about self-defending cars before self-driving cars," Srinivas Kumar, a vice president at the cybersecurity company DigiCert who leads efforts to protect connected devices, told CNN Business. "If a car can't defend itself from an attack, do you trust it to be self-driving?"

Colombo said that preventing future hacks will require collaboration between automakers, app makers and car owners.

One way to prevent a hack of this nature, he said, would be if Tesla more thoroughly restricted apps' access to data and commands. For example, an app could be restricted to only be able to view data, such as whether the doors are locked, but not be able to unlock them.

"In a perfect world those apps in an app store that you could download to your Tesla wouldn't have access to anything critical," Colombo said.

Third-party apps are increasingly becoming available in new cars. Some newer models offer a limited range of apps on their infotainment system. Some Cadillac drivers can download Spotify, NPR and the Weather Channel, for instance. Newer Ford models offer apps like Waze, Domino's and Pandora.

Tesla has not officially launched a way for app creators to add apps to its vehicles. But tech savvy Tesla enthusiasts have written about how to do so.

Moshe Shlisel, the CEO of Israeli cybersecurity company GuardKnox, said that automakers should scrutinize apps that end up on their vehicles to ensure safety. GuardKnox is developing a way for cars to monitor their apps and shut them down if they're doing something wrong, such as communicating to an off-limits part of the vehicle.

"It's a wake-up call to the entire industry," Shlisel said of Colombo's hack.

He expects that cars in the future will have hundreds of thousands of apps to choose from.

General Motors reviews apps and scans them for vulnerabilities, according to spokesman Darryll Harrison. Ford, which also allows a limited set of apps on some vehicles, declined to comment for this story.

But screening apps displayed on infotainment systems won't stop a person with sophisticated technical abilities from running an app on a vehicle independent of the automaker's approval. This could be done through a USB connection or an over-the-air vulnerability as occurred in the Tesla hack, according to cybersecurity experts.

The National Highway Traffic Safety Administration released best practices for cybersecurity in 2016, but it hasn't created standards for apps installed in vehicles. Neither has the auto industry.

"Right now it's open season," Shlisel said.

Newsletter

Related Articles

0:00
0:00
Close
German police raid AfD lawmaker’s offices in inquiry over Chinese payments
Turkish authorities seize leading broadcaster amid fraud and tax investigation
Volkswagen launches aggressive strategy to fend off Chinese challenge in Europe’s EV market
ChatGPT CEO signals policy to alert authorities over suicidal youth after teen’s death
The British legal mafia hit back: Banksy mural of judge beating protester is scrubbed from London court
Surpassing Musk: Larry Ellison becomes the richest man in the world
Embarrassment for Starmer: He fired the ambassador photographed on Epstein’s 'pedophile island'
Manhunt after 'skilled sniper' shot Charlie Kirk. Footage: Suspect running on rooftop during panic
Effective Protest Results: Nepal’s Prime Minister Resigns as Youth-Led Unrest Shakes the Nation
Qatari prime minister says Netanyahu ‘killed any hope’ for Israeli hostages
King Charles and Prince Harry Share First In-Person Moment in 19 Months
Starmer Establishes Economic ‘Budget Board’ to Centralise Policy and Rebuild Business Trust
France Erupts in Mass ‘Block Everything’ Protests on New PM’s First Day
Poland Shoots Down Russian Drones in Airspace Violation During Ukraine Attack
Brazilian police say ex-President Bolsonaro had planned to flee to Argentina seeking asylum
Trinidad Leader Applauds U.S. Naval Strike and Advocates Forceful Action Against Traffickers
Kim Jong Un Oversees Final Test of New High-Thrust Solid-Fuel Rocket Engine
Apple Introduces Ultra-Thin iPhone Air, Enhanced 17 Series and New Health-Focused Wearables
Macron Appoints Sébastien Lecornu as Prime Minister Amid Budget Crisis and Political Turmoil
Supreme Court temporarily allows Trump to pause billions in foreign aid
Charlie Sheen says his father, Martin Sheen, turned him in to the police: 'The greatest betrayal possible'
Vatican hosts first Catholic LGBTQ pilgrimage
Apple Unveils iPhone 17 Series, iPhone Air, Apple Watch 11 and More at 'Awe Dropping' Event
Pig Heads Left Outside Multiple Paris Mosques in Outrage-Inducing Acts
Nvidia’s ‘Wow’ Factor Is Fading. The AI chip giant used to beat Wall Street expectations for earnings by a substantial margin. That trajectory is coming down to earth.
France joins Eurozone’s ‘periphery’ as turmoil deepens, say investors
On the Anniversary of Queen Elizabeth’s Death: Prince Harry Returns to Britain
France Faces New Political Crisis, again, as Prime Minister Bayrou Pushed Out
Murdoch Family Finalises $3.3 Billion Succession Pact, Ensuring Eldest Son’s Leadership
Big Oil Slashes Jobs and Investments Amid Prolonged Low Crude Prices
Court Staff Cover Up Banksy Image of Judge Beating a Protester
Social Media Access Curtailed in Turkey After CHP Calls for Rallies Following Police Blockade of Istanbul Headquarters
Nayib Bukele Points Out Belgian Hypocrisy as Brussels Considers Sending Army into the Streets
Elon Musk Poised to Become First Trillionaire Under Ambitious Tesla Pay Plan
France, at an Impasse, Heads Toward Another Government Collapse
Burning the Minister’s House Helped Protesters to Win Justice: Prabowo Fires Finance Minister in Wake of Indonesia Protests
Brazil Braces for Fallout from Bolsonaro Trial by corrupted judge
The Country That Got Too Rich? Public Spending Dominates Norway Election
Nearly 40 Years Later: Nike Changes the Legendary Slogan Just Do It
Generations Born After 1939 Unlikely to Reach Age One Hundred, New Study Finds
End to a four-year manhunt in New Zealand: the father who abducted his children to the forests was killed, the three siblings were found
Germany Suspends Debt Rules, Funnels €500 Billion Toward Military and Proxy War Strategy
EU Prepares for War
BMW Eyes Growth in China with New All‑Electric Neue Klasse Lineup
Trump Threatens Retaliatory Tariffs After EU Imposes €2.95 Billion Fine on Google
Tesla Board Proposes Unprecedented One-Trillion-Dollar Performance Package for Elon Musk
US Justice Department Launches Criminal Mortgage-Fraud Probe into Federal Reserve Governor Lisa Cook
Escalating Drug Trafficking and Violence in Latin America: A Growing Crisis
US and Taiwanese Defence Officials Held Secret Talks in Alaska
Report: Secret SEAL Team 6 Mission in North Korea Ordered by Trump in 2019 Ended in Failure
×