ÐÇ¿Õ´«Ã½

Autos

    • Teen's Tesla hack shows how vulnerable third-party apps may make cars

    Share

    A German teenager says he found a vulnerability in an app installed in some Teslas, which allowed him the ability to unlock doors, flash headlights and blast music. The hack highlights the relative lack of oversight in apps that some drivers can download to their cars.

    Colombo identified a vulnerability in TeslaMate, a third-party app that some Tesla owners use to analyze data from their vehicle. He was able to access 25 Teslas that use the app, and he did not have access to steering, braking or acceleration, which could be especially dangerous.

    The exploit did unlock a litany of potential unwelcome possibilities for drivers, the hacker said.

    "Imagine music blasts at max volume and every time you want to turn it of [sic] it just starts again or imagine every time you unlock your doors they just lock again," David Colombo, the 19-year-old behind the hack, wrote in a Medium post detailing the hack. Colombo said that he could even track the location of Tesla vehicles as their owners went about their day.

    Colombo told CNN Business that he immediately reported the vulnerability that enabled the hack to involved parties, including Tesla. Colombo leads a cybersecurity company, and it is not uncommon for security researchers to seek out software vulnerabilities for potential compensation. Tesla offers cash incentives to people who report flaws in its software, but Colombo said he wasn't paid as the vulnerability was in a third-party app, not Tesla infrastructure.

    (TeslaMate and Tesla did not respond to a request for comment.)

    Cars, including Teslas, have been hacked before. But cybersecurity experts believe this is the first time a vehicle has been hacked through an app that has been granted access direct access to some vehicle controls and data. TeslaMate software is installed on a computer that is not the vehicle, and then accesses the vehicle through its interface for apps. Apps can delight drivers with services their car wouldn't otherwise have, as well as create new revenue for automakers through app-related fees.

    But cybersecurity experts caution that the auto industry must mature, as there are growing risks as in-car apps become increasingly common in the years ahead.

    "[Automakers] need to think about self-defending cars before self-driving cars," Srinivas Kumar, a vice president at the cybersecurity company DigiCert who leads efforts to protect connected devices, told CNN Business. "If a car can't defend itself from an attack, do you trust it to be self-driving?"

    Colombo said that preventing future hacks will require collaboration between automakers, app makers and car owners.

    One way to prevent a hack of this nature, he said, would be if Tesla more thoroughly restricted apps' access to data and commands. For example, an app could be restricted to only be able to view data, such as whether the doors are locked, but not be able to unlock them.

    "In a perfect world those apps in an app store that you could download to your Tesla wouldn't have access to anything critical," Colombo said.

    Third-party apps are increasingly becoming available in new cars. Some newer models offer a limited range of apps on their infotainment system. Some Cadillac drivers can download Spotify, NPR and the Weather Channel, for instance. Newer Ford models offer apps like Waze, Domino's and Pandora.

    Tesla has not officially launched a way for app creators to add apps to its vehicles. But tech savvy Tesla enthusiasts have written about how to do so.

    Moshe Shlisel, the CEO of Israeli cybersecurity company GuardKnox, said that automakers should scrutinize apps that end up on their vehicles to ensure safety. GuardKnox is developing a way for cars to monitor their apps and shut them down if they're doing something wrong, such as communicating to an off-limits part of the vehicle.

    "It's a wake-up call to the entire industry," Shlisel said of Colombo's hack.

    He expects that cars in the future will have hundreds of thousands of apps to choose from.

    General Motors reviews apps and scans them for vulnerabilities, according to spokesman Darryll Harrison. Ford, which also allows a limited set of apps on some vehicles, declined to comment for this story.

    But screening apps displayed on infotainment systems won't stop a person with sophisticated technical abilities from running an app on a vehicle independent of the automaker's approval. This could be done through a USB connection or an over-the-air vulnerability as occurred in the Tesla hack, according to cybersecurity experts.

    The National Highway Traffic Safety Administration released best practices for cybersecurity in 2016, but it hasn't created standards for apps installed in vehicles. Neither has the auto industry.

    "Right now it's open season," Shlisel said.

    CTVNews.ca ÐÇ¿Õ´«Ã½

    BREAKING

    BREAKING

    Three men were injured after trying to subdue a man armed with a knife during afternoon prayers at a Montreal-area mosque Friday afternoon.

    A 15-year-old boy who was the subject of an emergency alert in New Brunswick has been arrested.

    Police have arrested an 18-year-old woman who allegedly stole a Porsche and then ran over its owner in an incident that was captured on video.

    Since she was a young girl growing up in Vancouver, Ginny Lam says her mom Yat Hei Law made it very clear she favoured her son William, because he was her male heir.

    The search for a missing six-year-old boy in Shamattawa is continuing Friday as RCMP hope recent tips can help lead to a happy conclusion.

    Canada

    • BREAKING

      BREAKING

      Three men were injured after trying to subdue a man armed with a knife during afternoon prayers at a Montreal-area mosque Friday afternoon.

    • Police have arrested an 18-year-old woman who allegedly stole a Porsche and then ran over its owner in an incident that was captured on video.

    • The search for a missing six-year-old boy in Shamattawa is continuing Friday as RCMP hope recent tips can help lead to a happy conclusion.

    • The debate over sexual orientation and gender identity education in schools is heating up. Protests both for and against SOGI in the curriculum took place across the country Friday.

    • The parents of a teenager who died after allegedly consuming the poisonous products of a Mississauga man are now suing him, as well as several doctors involved in her care.

    • Relatives of a 60-year-old man who took his own life in a Nova Scotia jail after long periods of confinement in his cell have launched a lawsuit against the province.

    World

    Politics

    Health

    • A Nova Scotia woman has applied for a medically assisted death, saying after years of battling to receive out-of-country surgery for an illness that causes 'indescribable' pain, she struggles to maintain the will to live.

    Sci-Tech

    Entertainment

    • Getting a photograph of a rainbow? Common. Getting a photo of a lightning strike? Rare. Getting a photo of both at the same time? Extremely rare, but it happened to a Manitoba photographer this week.

    • It was the last show for longtime children's TV star Ron (Buck Shot) Barge Friday as hundreds of family, friends and fans attended a public memorial in Calgary.

    Business

    Lifestyle

    Sports

    • The Winnipeg Blue Bombers have won five in a row. The Edmonton Elks have won five of their last six games. They are the two hottest teams in the West. When they meet Saturday at Commonwealth Stadium, something has to give.

    • Agreement in principle has been reached to build a new NHL arena at LeBreton Flats has been reached between the Ottawa Senators and the National Capital Commission (NCC), the two sides announced Friday.

    • F1 star Max Verstappen punished over bad word

      Formula One points leader Max Verstappen was ordered to 'accomplish some work of public interest' after uttering an inappropriate word Thursday at the news conference ahead of the Singapore Grand Prix.

    Autos

    Local Spotlight

    Getting a photograph of a rainbow? Common. Getting a photo of a lightning strike? Rare. Getting a photo of both at the same time? Extremely rare, but it happened to a Manitoba photographer this week.

    An anonymous business owner paid off the mortgage for a New Brunswick not-for-profit.

    They say a dog is a man’s best friend. In the case of Darren Cropper, from Bonfield, Ont., his three-year-old Siberian husky and golden retriever mix named Bear literally saved his life.

    A growing group of brides and wedding photographers from across the province say they have been taken for tens of thousands of dollars by a Barrie, Ont. wedding photographer.

    Paleontologists from the Royal B.C. Museum have uncovered "a trove of extraordinary fossils" high in the mountains of northern B.C., the museum announced Thursday.

    The search for a missing ancient 28-year-old chocolate donkey ended with a tragic discovery Wednesday.

    The Royal Canadian Mounted Police is celebrating an important milestone in the organization's history: 50 years since the first women joined the force.

    It's been a whirlwind of joyful events for a northern Ontario couple who just welcomed a baby into their family and won the $70 million Lotto Max jackpot last month.

    A Good Samaritan in New Brunswick has replaced a man's stolen bottle cart so he can continue to collect cans and bottles in his Moncton neighbourhood.

    • The debate over sexual orientation and gender identity education in schools is heating up. Protests both for and against SOGI in the curriculum took place across the country Friday.

    • A fire that destroyed a historic bridge in Kamloops, B.C., is now being investigated as arson, local Mounties say.

    • A teenager has been charged with multiple offences related to stabbings that occurred in Surrey's Newton neighbourhood last week.

    • Police have arrested an 18-year-old woman who allegedly stole a Porsche and then ran over its owner in an incident that was captured on video.

    • The parents of a teenager who died after allegedly consuming the poisonous products of a Mississauga man are now suing him, as well as several doctors involved in her care.

    • Michael Ford, Ontario's minister of citizenship and multiculturalism, says he is taking a leave of absence from cabinet to prioritize his health.

    • Calgary Mayor Jyoti Gondek is urging the Alberta government to preserve pieces of the massive Green Line transit project now being dissolved.

    • A Lethbridge resident is facing charges after police seized drugs and weapons at a traffic stop for bicycle equipment violations.

    • It was the last show for longtime children's TV star Ron (Buck Shot) Barge Friday as hundreds of family, friends and fans attended a public memorial in Calgary.

    • Agreement in principle has been reached to build a new NHL arena at LeBreton Flats has been reached between the Ottawa Senators and the National Capital Commission (NCC), the two sides announced Friday.

    • Police say a man, 34, who was taken to hospital in critical condition after being shot Thursday night has died.

    • Ottawa police are investigating a shooting downtown Friday afternoon.

    • BREAKING

      BREAKING

      Three men were injured after trying to subdue a man armed with a knife during afternoon prayers at a Montreal-area mosque Friday afternoon.

    • When Bernard Morissette got a call from Loto-Quebec on Sept. 18 and was asked if he was sitting down, he had no idea what was coming his way.

    • "We love you, Eddy!" screamed the 350 students at Terry Fox Elementary School in Pierrefonds. They didn't know the man their school is named after, but they knew Eddy Nolan who would visit regularly and encourage the students to participate in "the Terry Fox Run".

    • Mounties say there was an increased police presence in the Emerald Hills area of Sherwood Park on Friday morning as officers searched for a man who is wanted by police.

    • There are plenty of fun happenings in Edmonton this weekend. It's time to savour that last little bit of the summer season before the leaves really start coming down.

    • Alberta Health Services says an E. coli outbreak at a daycare in Blackfalds has ended.

    • A 15-year-old boy who was the subject of an emergency alert in New Brunswick has been arrested.

    • Relatives of a 60-year-old man who took his own life in a Nova Scotia jail after long periods of confinement in his cell have launched a lawsuit against the province.

    • Family, friends and fans of late hip hop artist and battle rapper, Pat Stay will gather at events held in his honour on Saturday and Sunday.

    • The search for a missing six-year-old boy in Shamattawa is continuing Friday as RCMP hope recent tips can help lead to a happy conclusion.

    • Pedestrians are getting a step closer to being able to cross Portage and Main.

    • A Manitoba veterinary clinic has two new ways of figuring out what’s causing a horse to be lame.

    • Five Regina schools have been placed in lockdown or secure the building mode following a report of a weapons investigation at Miller High School on Friday.

    • A 21-year-old man from Codette, Sask. is facing numerous charges in connection to a fatal crash near Wapella, Sask. Wednesday night that claimed the life of a 22-year-old Alberta woman.

    • The Métis Nation of Saskatchewan has pulled out of a national body representing Métis, citing problems with an Ontario group and throwing the future of the Métis National Council into question.

    • Protests were held in front of Kitchener City Hall on Friday, both for and against LGBTQ2S+ inclusive education and queer rights in schools.

    • Levels of hydrogen sulfide gas are being monitored at Brantford Collegiate Institute after a leak in their geothermal system.

    • Police have arrested an 18-year-old woman who allegedly stole a Porsche and then ran over its owner in an incident that was captured on video.

    • The Métis Nation of Saskatchewan has pulled out of a national body representing Métis, citing problems with an Ontario group and throwing the future of the Métis National Council into question.

    • The second-degree murder trial of Thomas Hamp is being adjourned until December so an expert witness central to the trial can testify.

    • A 69-year-old woman from Outlook, Saskatchewan is dead and three people are injured after a truck and SUV collided on Highway 15 on Thursday.

    • Emergency crews in northern Ontario found the bodies of four people inside a home where a fire broke out Thursday night.

    • Police have arrested an 18-year-old woman who allegedly stole a Porsche and then ran over its owner in an incident that was captured on video.

    • A 26-year-old driver from Surrey, B.C., has been charged with three counts of criminal negligence causing death and bodily harm in a crash that killed two youths in northern Ontario last year.

    • On Thursday, just before noon, emergency services were called to the area of Curtis Street and Hiawatha Street due to reports of a couch on fire.

    • The timeline is short, but London officials are confident in their ability to submit a strong application for a Homelessness and Addiction Recovery Treatment (HART) Hub that the province will begin funding next year.

    • A man is in hospital with life threatening injuries following a collision between a motorcycle and a vehicle on Friday afternoon.

    • Two men from Barrie have been charged after a deadly shooting at a park in Keswick on Wednesday.

    • A 17-year-old from Markham is facing serious charges after an August 11 shooting at a party in Caledon.

    • Provincial police are investigating vandalism in Huntsville after the "senseless destruction" of flower displays along Main Street East.

    • The Special Investigations Unit (SIU) is searching for the occupants of a vehicle caught on security cameras during a fatal police-involved shooting on Goyeau Street.

    • Windsor police say a 25-year-old mother has been charged with the drowning death of her 5-year-old child in the family’s backyard pool.

    • The University of Windsor has been given the privilege of hosting the 2026 U Sports men’s volleyball championship at the Toldo Centre.

    • New Democrat Leader David Eby has launched his British Columbia election campaign a day early, making the key battle ground of Surrey his first stop.

    • The Old Man Lake wildfire near Sooke is the only one currently burning on Vancouver Island. It’s a region of the province that this year saw a drastic drop in blazes in the backcountry.

    • The debate over sexual orientation and gender identity education in schools is heating up. Protests both for and against SOGI in the curriculum took place across the country Friday.

    • A pair of runaway pigs are in the custody of an animal sanctuary in the Okanagan after evading police and volunteers for hours earlier this week.

    • The Red Bridge, a historic landmark in Kamloops, B.C., was completely destroyed by fire early Thursday morning.

    • Animal protection officers in British Columbia have rescued three pit bulls – including one that gave birth to 10 puppies – from a rat-infested home in Kelowna.

    • A Lethbridge resident is facing charges after police seized drugs and weapons at a traffic stop for bicycle equipment violations.

    • A Vulcan, Alta., man has been charged with a Lethbridge woman's murder after her body was found in the Oyen area.

    • A Lethbridge couple got a good reminder as to why you should keep your vehicle doors locked at all times.

    • A 26-year-old driver from Surrey, B.C., has been charged with three counts of criminal negligence causing death and bodily harm in a crash that killed two youths in northern Ontario last year.

    • Ontario Provincial Police say three suspects from southern Ontario have been charged and drugs worth $300,000 have been seized following a traffic stop Sept. 16.

    • A Brampton driver, 27, was charged this week when northern Ontario police stopped the SUV he was driving on Highway 17 after a reported shooting and found more than $100,000 in cash.

    N.L.

    Shopping Trends

    The Shopping Trends team is independent of the journalists at CTV News. We may earn a commission when you use our links to shop. Read about us.

    Stay Connected
    Follow CTV News