London Daily

Focus on the big picture.
Friday, Jul 03, 2026

Teen's Tesla hack shows how vulnerable third-party apps may make cars

Teen's Tesla hack shows how vulnerable third-party apps may make cars

A German teenager says he found a vulnerability in an app installed in some Teslas, which allowed him the ability to unlock doors, flash headlights and blast music. The hack highlights the relative lack of oversight in apps that some drivers can download to their cars.

David Colombo identified a vulnerability in TeslaMate, a third-party app that some Tesla owners use to analyze data from their vehicle. He was able to access 25 Teslas that use the app, and he did not have access to steering, braking or acceleration, which could be especially dangerous.

The exploit did unlock a litany of potential unwelcome possibilities for drivers, the hacker said.

"Imagine music blasts at max volume and every time you want to turn it of [sic] it just starts again or imagine every time you unlock your doors they just lock again," Colombo, the 19-year-old behind the hack, wrote in a Medium post detailing the hack. Colombo said that he could even track the location of Tesla vehicles as their owners went about their day.

Colombo told CNN Business that he immediately reported the vulnerability that enabled the hack to involved parties, including Tesla. Colombo leads a cybersecurity company, and it is not uncommon for security researchers to seek out software vulnerabilities for potential compensation. Tesla offers cash incentives to people who report flaws in its software, but Colombo said he wasn't paid as the vulnerability was in a third-party app, not Tesla infrastructure.

(TeslaMate and Tesla did not respond to a request for comment.)

Cars, including Teslas, have been hacked before. But cybersecurity experts believe this is the first time a vehicle has been hacked through an app that has been granted access direct access to some vehicle controls and data. TeslaMate software is installed on a computer that is not the vehicle, and then accesses the vehicle through its interface for apps. Apps can delight drivers with services their car wouldn't otherwise have, as well as create new revenue for automakers through app-related fees.

But cybersecurity experts caution that the auto industry must mature, as there are growing risks as in-car apps become increasingly common in the years ahead.

"[Automakers] need to think about self-defending cars before self-driving cars," Srinivas Kumar, a vice president at the cybersecurity company DigiCert who leads efforts to protect connected devices, told CNN Business. "If a car can't defend itself from an attack, do you trust it to be self-driving?"

Colombo said that preventing future hacks will require collaboration between automakers, app makers and car owners.

One way to prevent a hack of this nature, he said, would be if Tesla more thoroughly restricted apps' access to data and commands. For example, an app could be restricted to only be able to view data, such as whether the doors are locked, but not be able to unlock them.

"In a perfect world those apps in an app store that you could download to your Tesla wouldn't have access to anything critical," Colombo said.

Third-party apps are increasingly becoming available in new cars. Some newer models offer a limited range of apps on their infotainment system. Some Cadillac drivers can download Spotify, NPR and the Weather Channel, for instance. Newer Ford models offer apps like Waze, Domino's and Pandora.

Tesla has not officially launched a way for app creators to add apps to its vehicles. But tech savvy Tesla enthusiasts have written about how to do so.

Moshe Shlisel, the CEO of Israeli cybersecurity company GuardKnox, said that automakers should scrutinize apps that end up on their vehicles to ensure safety. GuardKnox is developing a way for cars to monitor their apps and shut them down if they're doing something wrong, such as communicating to an off-limits part of the vehicle.

"It's a wake-up call to the entire industry," Shlisel said of Colombo's hack.

He expects that cars in the future will have hundreds of thousands of apps to choose from.

General Motors reviews apps and scans them for vulnerabilities, according to spokesman Darryll Harrison. Ford, which also allows a limited set of apps on some vehicles, declined to comment for this story.

But screening apps displayed on infotainment systems won't stop a person with sophisticated technical abilities from running an app on a vehicle independent of the automaker's approval. This could be done through a USB connection or an over-the-air vulnerability as occurred in the Tesla hack, according to cybersecurity experts.

The National Highway Traffic Safety Administration released best practices for cybersecurity in 2016, but it hasn't created standards for apps installed in vehicles. Neither has the auto industry.

"Right now it's open season," Shlisel said.

Newsletter

Related Articles

0:00
0:00
Close
Luxury bags take over the World Cup: style, status symbol, or just showing off?
UK Parliamentary Committee Launches Inquiry Into Falling Primary School Rolls and Public Service Impact
UK House of Lords Debates Electoral Commission Powers and Political Finance Reform
UK Parliament Considers Expanding Carbon Rules to International Aviation and Shipping Emissions
UK Traffic Commissioner Revokes Hampshire Haulage Operator Licence Over Regulatory Failures
UK Parliament Examines Risks in Public Contracts Awarded to Technology Firm Palantir
UK Competition Watchdog Moves Toward More Flexible Merger Rules to Support Efficiency and Growth
UK Government Seeks Approval for £1.15 Trillion Public Spending Plan Amid Scrutiny Over Department Budgets
UK Parliament Debates Sweeping National Security and Steel Industry Nationalisation Bills
UK Government Issues Formal Apology for Historic Forced Adoption Practices and Announces £4 Million Support Scheme
UK DEFENCE AND TECHNOLOGY STRATEGY TILTS TOWARD SOVEREIGN CAPABILITY AND INDUSTRIAL INVESTMENT
UK ECONOMIC POLICY OUTLOOK SHAPED BY LEADERSHIP TRANSITION AND FISCAL SIGNALS
STERLING STRENGTHENS AMID SHIFTING MONETARY OUTLOOK AND GLOBAL LABOUR MARKET SIGNALS
UK HPV VACCINATION PROGRAM NEARLY ELIMINATES CERVICAL CANCER DEATH RISK IN YOUNG WOMEN
UK EXPANDS PRISON SAFETY REVIEW AS GOVERNMENT SEEKS WIDER SYSTEM REFORM
UK DRIVES DIGITAL ASSETS STRATEGY WITH NEW STABLECOIN REGULATORY MODEL
UK TO EXPAND AI INFRASTRUCTURE THROUGH NEW EUROPEAN TECHNOLOGY PARTNERSHIP
UK LAUNCHES £15 BILLION DEFENCE TECH SHIFT TOWARD ADVANCED MILITARY SYSTEMS
CIVIL SERVICE FACES SHIFT IN POWER STRUCTURE AS REGIONAL GOVERNANCE PLANS EXPAND
WHITEHALL CONSIDERS MAJOR DECENTRALISATION PLAN WITH SECOND GOVERNMENT HUB IN MANCHESTER
UK TARGETS SERVICES EXPORT GROWTH IN TRADE TALKS WITH CHINA AMID GEOPOLITICAL TENSIONS
POLICE WATCHDOG PROBES OFFICERS OVER HANDCUFFING OF DYING TEENAGER IN HAMPSHIRE CASE
UK REGULATORS UNVEIL DUAL OVERSIGHT FRAMEWORK FOR STABLECOINS AND DIGITAL ASSETS
KEIR STARMER ANNOUNCES £15 BILLION DEFENCE TECHNOLOGY BOOST IN FINAL MAJOR POLICY MOVE
ANDY BURNHAM SIGNALS STRICT FISCAL RULES AS LABOUR LEADERSHIP RACE SHAPES MARKET OUTLOOK
POUND STERLING HITS ONE-YEAR HIGH AS BANK OF ENGLAND SIGNALS NO IMMINENT RATE CUTS
UK Government Confirms Rejected Asylum Seekers to Remain Amid Enforcement Challenges
UK-China Economic Talks Focus on Services Trade and High-Value Sectors
Buckingham Palace Revamp Plans Unveiled to Modernise Royal and Public Facilities
Two Dead After Light Aircraft Crash in Essex Field, Investigation Underway
Princess Diana Marked at 65 With UK Tributes Reflecting on Her Public Legacy
England Teachers Face New Pay Cap Rules for Academy School Leaders Under Education Reform
Dublin Security Alert Escalates After Stabbing and Reports of Transport Disruption
UK Government Faces Scrutiny Over £10,000 Asylum Living Cost Contribution Requirement
England Prepares World Cup Knockout Match Against Democratic Republic of Congo
Northern Rail Project Warned of HS2-Style Cost Risks by UK Parliamentary Committee
UK Tightens Asylum Rules as Most Rejected Applicants Expected to Remain in Country
UK Heat Health Alert Issued as Temperatures Expected to Exceed 30°C Across England
Halifax Brand to Disappear From UK High Streets in Lloyds Banking Group Restructuring
England Teachers Receive 6.6 Percent Pay Rise Over Two Years as Schools Warn of Budget Strain
UK Defence Spending Plan Sparks Budget Clash as Regional Infrastructure Projects Face Pressure
Inquest Continues in Northern Ireland into Death of Noah Donohoe in Belfast
UK Travel Industry Calls for Suspension of New EU Border System During Peak Holiday Season
Telegraph Media Group Acquired by German Media Firm in £575 Million Deal Completion
House of Commons Warns Northern Rail Upgrade Risks Repeating High-Speed 2 Cost Overruns
UK Transport Unions Warn of Summer Strike Action Over Pay Disputes
UK Health Secretary Calls Maternity Care Review a “Watershed Moment” for NHS Reform
Nigel Farage Faces Questions Over £270,000 Payment Linked to Gold Marketing Firm
Labour Government Faces Internal Division Over North Sea Oil and Gas Policy Direction
National Screening Committee Invites New Proposals for UK Health Screening Programmes
×