Reports of a 19-year-old hacker being able to defeat the security of Tesla cars are sending shockwaves through the automotive industry.

The man, David Colombo, had reported to the car manufacturer that he had hacked into the electronic peripheral devices on 25 poorly maintained Tesla-branded cars across 13 countries, such as disabling the anti-theft system, varying the volume level of the sound system, and operating the windows and lights.

Colombo added that he was not able to execute code on any of the compromised cars and was not able to get into the drive control system, affirming that the hack was not exploiting any inherent vulnerability in the cars, and that car owners should be able to block his intrusive access.

However, according to Lotem Finkelstein, Head of Threat Intelligence and Research, Check Point Software Technologies: “Can we really expect users to be familiar with the software configuration of a complex and highly technically advanced product like a modern automobile? Surely cars need to be secure (to the point that) it should not be possible for the driver to cede remote access to their vehicle either by a given action or by inaction?”  

If a hacker took control of your car and you had an accident, it would not matter whose fault it was that the car was not secure; you would want to do everything in your power to prevent it. “Sure, we expect manufacturers to provide a fully secure vehicle but our experience in cybersecurity tells us this is not something that can be 100% guaranteed forever. In the same way that we expect to be proactive in protecting our laptops and phones, I suspect we will need to take a more hands-on approach to ensuring our cars are protected from cyberattacks.”