A German teenager says he found a vulnerability in an app installed in some Teslas, which allowed him the ability to unlock doors, flash headlights and blast music. The hack highlights the relative lack of oversight in apps that some drivers can download to their cars.
Colombo identified a vulnerability in TeslaMate, a third-party app that some Tesla owners use to analyze data from their vehicle. He was able to access 25 Teslas that use the app, and he did not have access to steering, braking or acceleration, which could be especially dangerous.
The exploit did unlock a litany of potential unwelcome possibilities for drivers, the hacker said.
"Imagine music blasts at max volume and every time you want to turn it of [sic] it just starts again or imagine every time you unlock your doors they just lock again," David Colombo, the 19-year-old behind the hack, wrote in a Medium post detailing the hack. Colombo said that he could even track the location of Tesla vehicles as their owners went about their day.
Colombo told CNN Business that he immediately reported the vulnerability that enabled the hack to involved parties, including Tesla. Colombo leads a cybersecurity company, and it is not uncommon for security researchers to seek out software vulnerabilities for potential compensation. Tesla offers cash incentives to people who report flaws in its software, but Colombo said he wasn't paid as the vulnerability was in a third-party app, not Tesla infrastructure.
(TeslaMate and Tesla did not respond to a request for comment.)
Cars, including Teslas, have been hacked before. But cybersecurity experts believe this is the first time a vehicle has been hacked through an app that has been granted access direct access to some vehicle controls and data. TeslaMate software is installed on a computer that is not the vehicle, and then accesses the vehicle through its interface for apps. Apps can delight drivers with services their car wouldn't otherwise have, as well as create new revenue for automakers through app-related fees.
But cybersecurity experts caution that the auto industry must mature, as there are growing risks as in-car apps become increasingly common in the years ahead.
"[Automakers] need to think about self-defending cars before self-driving cars," Srinivas Kumar, a vice president at the cybersecurity company DigiCert who leads efforts to protect connected devices, told CNN Business. "If a car can't defend itself from an attack, do you trust it to be self-driving?"
Colombo said that preventing future hacks will require collaboration between automakers, app makers and car owners.
One way to prevent a hack of this nature, he said, would be if Tesla more thoroughly restricted apps' access to data and commands. For example, an app could be restricted to only be able to view data, such as whether the doors are locked, but not be able to unlock them.
"In a perfect world those apps in an app store that you could download to your Tesla wouldn't have access to anything critical," Colombo said.
Third-party apps are increasingly becoming available in new cars. Some newer models offer a limited range of apps on their infotainment system. Some Cadillac drivers can download Spotify, NPR and the Weather Channel, for instance. Newer Ford models offer apps like Waze, Domino's and Pandora.
Tesla has not officially launched a way for app creators to add apps to its vehicles. But tech savvy Tesla enthusiasts have written about how to do so.
Moshe Shlisel, the CEO of Israeli cybersecurity company GuardKnox, said that automakers should scrutinize apps that end up on their vehicles to ensure safety. GuardKnox is developing a way for cars to monitor their apps and shut them down if they're doing something wrong, such as communicating to an off-limits part of the vehicle.
"It's a wake-up call to the entire industry," Shlisel said of Colombo's hack.
He expects that cars in the future will have hundreds of thousands of apps to choose from.
General Motors reviews apps and scans them for vulnerabilities, according to spokesman Darryll Harrison. Ford, which also allows a limited set of apps on some vehicles, declined to comment for this story.
But screening apps displayed on infotainment systems won't stop a person with sophisticated technical abilities from running an app on a vehicle independent of the automaker's approval. This could be done through a USB connection or an over-the-air vulnerability as occurred in the Tesla hack, according to cybersecurity experts.
The National Highway Traffic Safety Administration released best practices for cybersecurity in 2016, but it hasn't created standards for apps installed in vehicles. Neither has the auto industry.
"Right now it's open season," Shlisel said.
Police say one former and one current employee of Air Canada are among the nine suspects that are facing charges in connection with the gold heist at Pearson International Airport last year.
MPs enacted an extraordinary, rarely used parliamentary power on Wednesday, summonsing an ArriveCan contractor to appear before the House of Commons where he was admonished publicly and forced to provide answers to the questions MPs said he'd previously evaded.
Auston Matthews won't be joining the NHL's 70-goal club this season.
Donald Trump's legal team says it tried serving Stormy Daniels a subpoena as she arrived for an event at a bar in Brooklyn last month, but the porn actor, who is expected to be a witness at the former president's criminal trial, refused to take it and walked away.
Drivers in Eastern Canada face a big increase in gas prices because of various factors, especially the higher cost of the summer blend, industry analysts say.
A Winnipeg woman was sentenced to house arrest after a single date with a man she met online culminated in her harassing him for years, and spurred false allegations which resulted in the innocent man being arrested three times.
A woman who pressured her boyfriend into killing his teenage ex more than a decade ago will be allowed to leave prison for weeks at a time.
Several Tim Horton’s customers are feeling great disappointment after being told by the company that an email stating they won a boat worth nearly $60,000 was sent in error.
Toronto Raptors player Jontay Porter has been handed a lifetime ban from The National Basketball Association (NBA) following an investigation which found he disclosed confidential information to sports bettors, the league says.
Almost 7,000 bars of pure gold were stolen from Pearson International Airport exactly one year ago during an elaborate heist, but so far only a tiny fraction of that stolen loot has been found.
Ontario is going to see a big jump at the pumps later this week as gas prices in the province hit levels not seen in nearly two years, according to one industry analyst.
Several Tim Horton’s customers are feeling great disappointment after being told by the company that an email stating they won a boat worth nearly $60,000 was sent in error.
A motion filed by the man accused of killing four Indigenous women in Winnipeg to have one of those murder charges quashed has been dismissed by the judge – weeks before the start of his trial.
Progress has been made on a new compensation model for family doctors, with the Alberta Medical Association (AMA) hopeful for a fall rollout.
A social media daredevil has been doing death-defying stunts in the Vancouver area, prompting safety concerns and at least one police investigation.
An Oklahoma man was arrested Wednesday after authorities accused him of throwing a pipe bomb at the Massachusetts headquarters of a group called The Satanic Temple.
Scientists say it's highly unlikely cloud seeding is responsible for the heavy rains that have caused flooding in the United Arab Emirates this month, and that climate change is the more likely culprit.
The U.S. Senate killed the articles of impeachment against Homeland Security Secretary Alejandro Mayorkas on Wednesday as the historic trial of the Cabinet secretary barely got underway.
The U.S. Justice Department has agreed to pay approximately US$100 million to settle claims with about 100 people who say they were sexually assaulted by sports doctor Larry Nassar, a source with direct knowledge of the negotiations told The Associated Press on Wednesday.
California regulators voted Wednesday to establish a drinking water limit on hexavalent chromium, a toxic chemical compound made infamous by the movie 'Erin Brockovich.'
Donald Trump's legal team says it tried serving Stormy Daniels a subpoena as she arrived for an event at a bar in Brooklyn last month, but the porn actor, who is expected to be a witness at the former president's criminal trial, refused to take it and walked away.
MPs enacted an extraordinary, rarely used parliamentary power on Wednesday, summonsing an ArriveCan contractor to appear before the House of Commons where he was admonished publicly and forced to provide answers to the questions MPs said he'd previously evaded.
In their 2024 budget, the federal government wants to amend the Canada Labour Code, so employers in federally regulated sectors will eliminate work-related communication with employees outside of scheduled hours. If implemented, this would affect roughly 500,000 employees across the country.
Advocacy groups across Canada are expressing widespread disappointment about the amount of funding earmarked in the 2024 federal budget for the long-awaited Canada Disability Benefit.
Progress has been made on a new compensation model for family doctors, with the Alberta Medical Association (AMA) hopeful for a fall rollout.
Public Health Ontario workers say the potential closure of six laboratories across the province would be dangerous and increase inequity in northern Ontario.
California regulators voted Wednesday to establish a drinking water limit on hexavalent chromium, a toxic chemical compound made infamous by the movie 'Erin Brockovich.'
More than 5,500 years ago, two women were tied up and probably buried alive in a ritual sacrifice, using a form of torture associated today with the Italian Mafia, according to an analysis of skeletons discovered at an archeological site in southwest France.
There are a lot of risks when it comes to adolescents using screens — and a new multinational study shows weight-related bullying may be among them.
An experimental error led a team of scientists researching bumblebees to make a startling discovery: the insects’ remarkable ability to survive underwater for up to a week.
Congratulations are in order for singer Ashanti and rapper Nelly. The reunited couple have gone public with both a pregnancy and their engagement.
The Sundance Film Festival may not always call Park City, Utah, home. The Sundance Institute has started to explore the possibility of other U.S. locations to host the independent film festival starting in 2027, the organization said Wednesday.
Eight-year-old songwriter Zuri Hamilton from Miramichi, N.B., got to show off her talent on 'The Kelly Clarkson Show' on Monday.
A National Public Radio editor who wrote an essay criticizing his employer for promoting liberal views resigned on Wednesday, attacking NPR's new CEO on the way out.
Several Tim Horton’s customers are feeling great disappointment after being told by the company that an email stating they won a boat worth nearly $60,000 was sent in error.
Boeing was the subject of dual Senate hearings Wednesday as Congress examined allegations of major safety failures at the embattled aircraft manufacturer, which has been pushed into crisis mode since a door-plug panel blew off a 737 Max jetliner during an Alaska Airlines flight in January.
Ten beagles rescued from animal testing in the United States arrived in Alberta on Wednesday, thanks to a Canadian charity.
Molly Knight, a grade four student in Nova Scotia, noticed her school library did not have many books on female athletes, so she started her own book drive in hopes of changing that.
A Celebrity Apex cruise to the Caribbean this month turned into a rocking Newfoundland kitchen party when hundreds of people from Canada's easternmost province happened to be booked on the same ship.
Auston Matthews won't be joining the NHL's 70-goal club this season.
Caitlin Clark's salary compared to top National Basketball Association players is drawing attention to Women's National Basketball Association players' pay and the often massive gender gap in professional sports salaries. The highest-paid WNBA player made a US$242,000 salary, while the league minimum salary in the NBA is over a million dollars in 2023.
Former football star and celebrity criminal defendant O.J. Simpson was cremated Wednesday, the lawyer handling his estate said following his death last week at home in Las Vegas at age 76.
Tesla will ask shareholders to reinstate a US$55 billion compensation package for CEO Elon Musk that was rejected by a judge in Delaware this year and to move the electric car maker's corporate home from Delaware to Texas.
Tesla has hit a series of roadblocks, including increased competition and declining sales. The company announced Monday it is slashing 10 per cent of its global workforce.
A driver from London will have to find alternative transportation after an OPP officer clocked them travelling nearly 200 km/h on Highway 401 over the weekend.
When Les Robertson was walking home from the gym in North Vancouver's Lower Lonsdale neighbourhood three weeks ago, he did a double take. Standing near a burrow it had dug in a vacant lot near East 1st Street and St. Georges Avenue was a yellow-bellied marmot.
A moulting seal who was relocated after drawing daily crowds of onlookers in Greater Victoria has made a surprise return, after what officials described as an 'astonishing' six-day journey.
Just steps from Parliament Hill is a barber shop that for the last 100 years has catered to everyone from prime ministers to tourists.
A high score on a Foo Fighters pinball machine has Edmonton player Dave Formenti on a high.
A compound used to treat sour gas that's been linked to fertility issues in cattle has been found throughout groundwater in the Prairies, according to a new study.
While many people choose to keep their medical appointments private, four longtime friends decided to undergo vasectomies as a group in B.C.'s Lower Mainland.
A popular highway in Alberta's Banff National Park now has a 'no stopping zone' to help protect two bears.
B.C. resident Robert Conrad spent thousands of hours on Crown land developing an unusual bond with deer.
A Sudbury woman said her husband was bringing the recycling out to the curb Wednesday night when he had to make a 'mad dash' inside after seeing a bear.
A social media daredevil has been doing death-defying stunts in the Vancouver area, prompting safety concerns and at least one police investigation.
A cyclist has died after a collision with a pickup truck in East Vancouver Wednesday afternoon, police said.
Veteran B.C. politician Mike de Jong has announced he's seeking a nomination to run for the federal Conservative Party in the next election.
Ontario Premier Doug Ford is calling on Speaker Ted Arnott to reverse a ban on keffiyehs at Queen's Park, describing the move as “needlessly” divisive.
Police say one former and one current employee of Air Canada are among the nine suspects that are facing charges in connection with the gold heist at Pearson International Airport last year.
Auston Matthews won't be joining the NHL's 70-goal club this season.
An Alberta woman was killed in a multi-vehicle crash on a highway north of Coaldale, Alta., on Wednesday morning.
Calgary has a new brand and it's looking up.
The world’s longest hockey game is in the books.
Ottawa motorists are being warned to expect a big hike in gasoline prices this week, as prices rise to the highest level since August 2022.
Talk of transitioning federal buildings into housing has been in the works for a couple of years and it's a move that business leaders in Ottawa say can't come soon enough.
Several Tim Horton’s customers are feeling great disappointment after being told by the company that an email stating they won a boat worth nearly $60,000 was sent in error.
François Legault still doesn't know the price of a 4 1/2 apartment in Montreal, three years after getting bogged down on the issue.
In the latest example of the confusion surrounding Quebec's new language law, the education ministry has confirmed that a presentation delivered only in French to English-speaking parents last week could have been done in English after all.
Quebec's police watchdog has opened an investigation into a Montreal police (SPVM) intervention in the Côte-des-Neiges–Notre-Dame-de-Grâce borough that ended with one person seriously injured.
More than 150 people have reported vehicle crashes in Edmonton on Wednesday.
In at least a couple of ways, it's fitting the Edmonton Oilers will be the Arizona Coyotes' final opponent before the Desert Dogs shed their Kachina-styled uniforms for whatever hues and themes may await them in Salt Lake City.
While snow and ice aren't ideal weather for hitting the links, a local golf course said it's happy to see some April precipitation.
The RCMP says it is investigating a sudden death in Nova Scotia’s Colchester County.
Drivers in Eastern Canada face a big increase in gas prices because of various factors, especially the higher cost of the summer blend, industry analysts say.
A Celebrity Apex cruise to the Caribbean this month turned into a rocking Newfoundland kitchen party when hundreds of people from Canada's easternmost province happened to be booked on the same ship.
A Winnipeg man is raising a red flag after his landlord said no to health-care equipment that could change his life – a problem he believes is a human rights issue.
A motion filed by the man accused of killing four Indigenous women in Winnipeg to have one of those murder charges quashed has been dismissed by the judge – weeks before the start of his trial.
RCMP say they are concerned for the wellbeing of a missing 35-year-old woman.
After two days of negotiations, the province has presented the Saskatchewan Teachers’ Federation (STF) a final offer, which will go to members for a vote.
A Regina man who says he was given two hours to vacate the seniors' home he lived in after being evicted should not have been forced to move in the first place.
The Saskatchewan Urban Municipalities Association (SUMA) conference wrapped up on Wednesday with educational sessions in the morning, followed by a bear pit session for delegates to speak directly with the provincial government.
The Waterloo Region Police Services Board wants to explore new ways of dealing with an annual unsanctioned St. Patrick’s Day street party in Waterloo’s University District.
Police say one former and one current employee of Air Canada are among the nine suspects that are facing charges in connection with the gold heist at Pearson International Airport last year.
Despite being at the top of the Basketball Super League standings, the KW Titans are struggling to make ends meet.
The woman accused of hitting and killing a child while driving under the influence of THC was called to the stand on Wednesday.
After two days of negotiations, the province has presented the Saskatchewan Teachers’ Federation (STF) a final offer, which will go to members for a vote.
A former massage therapist who pleaded guilty to a string of sexual assaults has had his day parole revoked.
In a lengthy council meeting Tuesday night, city council in Sudbury unanimously voted to build a new arena and events centre downtown.
A former girlfriend of a murder suspect in Sudbury testified Wednesday that he talked about his role in the deaths a day after a firebombing that killed three people.
The body of a missing man has been found after his vehicle was pulled into a northern creek on Saturday morning, Ontario Provincial Police say.
The hockey community in Chatham-Kent and beyond is mourning the sudden death of a player caught in a highway crash this week in London.
It’s not every day that a new washroom becomes the talk of the town. But in the Lake Huron tourist community of Grand Bend a new so-called smart washroom has many residents and business owners flush with joy.
The Canadian Nuclear Isotope Council has named Western University an academic partner.
Provincial police are investigating after a man's body washed up on the shores of Lake Couchiching in Severn Township.
Tim Hortons Roll Up The Rim contest may be in hot water yet again after several customers received emails falsely congratulating them on winning the Tracker boat worth nearly $60,000.
A multi-vehicle collision involving a semi-truck snarled traffic in Barrie on Wednesday afternoon.
Many made a dash to the pumps because experts say the price of gas is set to rise Thursday.
The hockey community in Chatham-Kent and beyond is mourning the sudden death of a player caught in a highway crash this week in London.
Parents of children with learning disabilities are seeking 'certainty' on the long-term status of a program that provides tailored special education support in language and math within schools.
The British Columbia government is encouraging anglers to pack their tackle boxes and head out to a remote lake on Vancouver Island as the province attempts to eradicate an invasive population of sport fish.
Evan Jamieson’s nine-year-old son Oliver has thrived at Mill Bay Nature School in Mill Bay, B.C., despite all of his challenges.
B.C.'s police watchdog has finished its investigation into an incident on Vancouver Island, concluding the actions of officers weren't connected to a man's death.
Nurses held a rally Wednesday at a hospital in the B.C. Interior that closed its emergency department more than a dozen times last year due to insufficient staff.
British Columbia is planning to add 240 new units to its complex-care housing program, providing homes for people with mental-health and addictions challenges that overlap with other serious conditions.
More than 80 residents from a low-income apartment building in Kelowna, B.C., have learned they won't be able to return to their homes for at least another two weeks.
Lethbridge police have arrested a Vermilion, Alta., man in connection with a 'grandparent scam' that took aim at a local senior.
An Alberta woman was killed in a multi-vehicle crash on a highway north of Coaldale, Alta., on Wednesday morning.
With or without federal support, improvements to a major southern Alberta highway continue because of its critical economic importance as an east-west corridor, the province says.
For the next several months, the City of Sault Ste. Marie will be cracking down on people who improperly use accessible parking spaces.
A suspect riding a bicycle on Gibbs Street in Sault Ste. Marie this week has been charged with assaulting police, along with drug-related offences.
Police in Sault Ste. Marie charged a 26-year-old woman with several offences following an incident Monday morning.
A Celebrity Apex cruise to the Caribbean this month turned into a rocking Newfoundland kitchen party when hundreds of people from Canada's easternmost province happened to be booked on the same ship.
A pricing agreement has been reached between crab fishers and seafood processors that will allow for Newfoundland and Labrador's annual crab fishery to get started.
Longliners across Newfoundland and Labrador are tied up once again, as a new protest by the province's fish harvesters threatens to derail the crab fishery for a second straight year.
The Shopping Trends team is independent of the journalists at CTV News. We may earn a commission when you use our links to shop. Read about us.
