A German teenager says he found a vulnerability in an app installed in some Teslas, which allowed him the ability to unlock doors, flash headlights and blast music. The hack highlights the relative lack of oversight in apps that some drivers can download to their cars.

David Colombo identified a vulnerability in TeslaMate, a third-party app that some Tesla owners use to analyze data from their vehicle. He was able to access 25 Teslas that use the app, and he did not have access to steering, braking or acceleration, which could be especially dangerous.

The exploit did unlock a litany of potential unwelcome possibilities for drivers, the hacker said.

"Imagine music blasts at max volume and every time you want to turn it off [sic] it just starts again or imagine every time you unlock your doors they just lock again," Colombo, the 19-year-old behind the hack, wrote in a Medium post. Colombo said that he could even track the location of Tesla vehicles as their owners went about their day.

Colombo told CNN Business that he immediately reported the vulnerability that enabled the hack to involved parties, including Tesla. Colombo leads a cybersecurity company, and it is not uncommon for security researchers to seek out software vulnerabilities for potential compensation. Tesla offers cash incentives to people who report flaws in its software, but Colombo said he wasn't paid as the vulnerability was in a third-party app, not Tesla infrastructure.

(TeslaMate and Tesla did not respond to a request for comment.)

Cars, including Teslas, have been hacked before. But cybersecurity experts believe this is the first time a vehicle has been hacked through an app that has been granted access direct access to some vehicle controls and data. TeslaMate software is installed on a computer that is not the vehicle, and then accesses the vehicle through its interface for apps. Apps can delight drivers with services their car wouldn't otherwise have, as well as create new revenue for automakers through app-related fees.

But cybersecurity experts caution that the auto industry must mature, as there are growing risks as in-car apps become increasingly common in the years ahead.

"[Automakers] need to think about self-defending cars before self-driving cars," Srinivas Kumar, a vice president at the cybersecurity company DigiCert who leads efforts to protect connected devices, told CNN Business. "If a car can't defend itself from an attack, do you trust it to be self-driving?"

Colombo said that preventing future hacks will require collaboration between automakers, app makers and car owners.

One way to prevent a hack of this nature, he said, would be if Tesla more thoroughly restricted apps' access to data and commands. For example, an app could be restricted to only be able to view data, such as whether the doors are locked, but not be able to unlock them.

"In a perfect world those apps in an app store that you could download to your Tesla wouldn't have access to anything critical," Colombo said.

Third-party apps are increasingly becoming available in new cars. Some newer models offer a limited range of apps on their infotainment systems. Some Cadillac drivers can download Spotify, NPR and the Weather Channel, for instance. Newer Ford models offer apps like Waze, Domino's and Pandora.

Tesla has not officially launched a way for app creators to add apps to its vehicles. But tech-savvy Tesla enthusiasts have written about how to do so.

Moshe Shlisel, the CEO of Israeli cybersecurity company GuardKnox, said that automakers should scrutinize apps that end up on their vehicles to ensure safety. GuardKnox is developing a way for cars to monitor their apps and shut them down if they're doing something wrong, such as communicating to an off-limits part of the vehicle.

"It's a wake-up call to the entire industry," Shlisel said of Colombo's hack.

He expects that cars in the future will have hundreds of thousands of apps to choose from.

General Motors reviews apps and scans them for vulnerabilities, according to spokesman Darryll Harrison. Ford, which also allows a limited set of apps on some vehicles, declined to comment for this story.

But screening apps displayed on infotainment systems won't stop a person with sophisticated technical abilities from running an app on a vehicle independent of the automaker's approval. This could be done through a USB connection or an over-the-air vulnerability as occurred in the Tesla hack, according to cybersecurity experts.

The National Highway Traffic Safety Administration released best practices for cybersecurity in 2016, but it hasn't created standards for apps installed in vehicles. Neither has the auto industry.

"Right now it's open season," Shlisel said.

BRIGHTON, Colo. — Cyberattacks are becoming more common and more disruptive to our daily life, and many experts worry the nation’s food supply is the next big target.

“In the past, I don't think we gave a lot of thought to cybersecurity,” said Robert Sakata, a farmer in Brighton, Colorado.

Sakata’s family has farmed for decades.

“So, my dad started the farm, and he and his family actually were farming in San Francisco when World War Two broke out, so they were moved to an internment camp, ended up in a camp in Utah,” said Sakata. “When he was released from that camp, Colorado was one of the few places that were actually not discouraging Japanese-Americans from coming in.”

Once the war ended, the Sakata family rebuilt their life and started a new farm 30 minutes outside of Denver.

Their farm, along with the thousands of other farms across the country, is now facing a new threat that didn’t exist just a few years ago.

“When you talked about security, it was somebody maybe coming out here, and believe it or not, that's what they've actually done—come out here and steal the wheels off of this sprinkler, steal the copper wire that's along there,” said Sakata.

But now, it’s also cybercriminals Sakata worries about. Any machine, like a tractor or a sprinkler system that’s connected to the internet could be hacked and remotely controlled.

These threats could mean interruptions to daily life for millions of Americans.

“If a CPA firm gets breached, a bunch of social security numbers get stolen, you're dealing with identity theft. That's one thing, right? But when people don't have food, you're talking about riots in the streets,” said Joseph Brunsman, founder of the Brunsman Advisory Group. Brunsman is a provider for cybersecurity insurance.

Brunsman said these attacks, if large enough, could leave families hungry.

“A lot of people living on fixed incomes or people that are, you know, lower on the socio-economic scale, when food prices go up, you know, 10, 20, 30%, that means they have to make that decision: Am I going to pay for food? Am I going to pay for heating this month? So, it's really a serious, serious idea for a lot of people.”

Hackers can also stop farming equipment or food production equipment from working and demand a ransom be paid. Ransomware attacks have become more common, and food production has seen multiple large attacks in recent months.

Meatpacking company JBS was hacked in June and plants were shut down across the country after a ransomware attack.

JBS paid hackers $11M to get operations back online.

“This was a very difficult decision to make for our company, and for me personally,” said Andre Nogueira, the CEO of JBS USA. “However, we felt this decision had to be made to prevent any potential risk for our customers.”

“You hear about ransomware where you would totally lock up and we couldn't have control. That would be a real, real issue that then we couldn't water the crop at all,” said Sakata.

“Because everyone needs to eat, an attack, a successful attack within the food and agriculture industry can quickly cascade into a national security concern,” said Scott Algier, the executive director of the Information Technology Sharing and Analysis Center, known as IT-SAC. “We're seeing a lot of the same attacks on other industries already, but some of the potential consequences could be a little more impactful.”

In addition to ransomware, there’s concern about groups hacking and stealing intellectual property – like seed formulas.

“There's a lot of intellectual property that the fruit and agriculture industry has that that is of interest to other organizations, other countries,” said Algier.

“We could lose our entire year of income by somebody taking over something and creating a problem by not letting the sprinkler run or not having that shipment go through,” said Sakata. “So, it's a big risk not only just for my family, but then for whoever is depending on those food sources.”

These threats are why Sakata goes old school on some things. He doesn’t connect his storage refrigerator to Wi-Fi to keep his crops safe.

“The only way somebody can hack it is really to break in at the door and change the settings,” said Sakata. “Even then, I have a password!”

What he can protect digitally, he does, and he said he and other farmers now often discuss how to defend themselves from cybercriminals.

“Whether it's going now to multiple-step verification, you need maybe another key fob that identifies yourself, that is all going to be critical as we move forward,” said Sakata.

Brunsman said cybersecurity insurance can also help, but there are several other inexpensive options for smaller farmers as well.

“Even really basic, very affordable controls, such as multi-factor authentication, having multiple backups, having offline backups, email security, security awareness training, that kind of stuff. It's not super expensive. It's really quite affordable. In many cases, it's like the cost of a cup of coffee per person per month. That can really go a long way,” said Brunsman.

Those who study these attacks say they’re happening every single day on a small scale. It’s only a matter of time before the next large-scale attack occurs.

“The threats are coming up and several different sides, we're seeing, we've already seen threats against both producers and production facilities,” said Doug Jacobson, a professor of electrical and computer engineering at Iowa State University. “We had a co-op here in Iowa that was attacked. So, we see it from the large organization side of things. But anybody on the internet, even a farmer can be attacked.”

“It's kind of scary,” said Sakata. “I think if you dwelled on it too long, it would keep you up at night.

He just hopes other farms will take the steps he’s taking to protect what we all can’t live without: our food supply.

“We need to really ensure that we're doing everything we can to protect that. It would be really scary if we ever got to the day where people would go to the grocery store and there wasn't, wasn't any food,” said Sakata.

Algier echoed the need for collaboration to stop cybercriminals.

“Cyberattacks are happening everywhere all the time. So, it is something that every enterprise, no matter your size, and no matter industry, something you need to pay attention to,” said Algier. "The cybersecurity threat is so big that nobody can do it, nobody can defend it against on their own.”

WASHINGTON (AP) — Dozens of email accounts at the Treasury Department were compromised in the massive breach of U.S. government agencies being blamed on Russia.

That's according to an Oregon Democrat, Sen. Ron Wyden, who says hackers broke into systems used by the department’s highest-ranking officials.

Wyden issued a statement Monday after he and other members of the Senate Finance Committee were briefed by the IRS and the Treasury Department.

Wyden says that though there is no indication that taxpayer data was compromised, the hack “appears to be significant." In addition, the breach appears to involve the theft of encryption keys from U.S. government servers, Wyden said.

“Treasury still does not know all of the actions taken by hackers, or precisely what information was stolen,” Wyden said in a statement.

It is also not clear what Russian hackers intend to do with any emails they may have accessed.

A Treasury Department spokeswoman declined to comment on Wyden’s statement.

Treasury was among the earliest known agencies reported to have been affected in a breach that now encompasses a broad spectrum of departments. The effects and consequences of the hack are still being assessed, though the Department of Homeland Security’s cybersecurity arm said in a statement last week that the intrusion posed a “grave” risk to government and private networks.

In the Treasury Department’s case, Wyden said, the breach began in July. But experts believe the overall hacking operation began months earlier when malicious code was slipped into updates to popular software that monitors computer networks of businesses and governments.

Microsoft now says suspected Russian hackers behind a massive campaign that impacted government agencies, local municipalities and companies were also able to view some of the company’s source code.

In a blog post Thursday, Microsoft says the unauthorized access “has not put at risk the security of our services or any customer data.”

"We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories," Microsoft stated. "The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated."

Source code is the basic building blocks of computer programs, like the instructions.

Last month, as news of the hacking campaign surfaced, Microsoft acknowledged using the IT management software SolarWinds Orion, which is how the attackers gained access to thousands of government, public, and private organizations.

Microsoft has said in earlier blog posts they were aware of clients they serviced who were compromised, Thursday’s update is the first time the company has confirmed the attackers compromised them.

Microsoft says they operate with a philosophy of making source code viewable, and do not rely on secrecy of this code for security. “So viewing source code isn’t tied to elevation of risk,” they stated.

Video above: 8 tips to help you organize your child's closetChances are you have considered reorganizing your closet over the last few months. Granted, you might not have actually gotten around to doing it — but you have likely thought about it at some point.Perhaps you've got to a point where you can't move the hangers on the (very full) rail. Or maybe you've forgotten what it's like to be able to close the doors to your closet, as the clothes are literally overflowing.If you're at that stage, we have got just the thing. What if we told you there's a super easy way to multiply your wardrobe hanging space? The best part is it only requires one thing: empty cans.What to doStart off by removing the pull tabs from a few empty cans. The amount you'll need is determined by how much storage space you want to free up. Start by using five to 10. Next, remove one of the hangers from your wardrobe and slip the pull tab over the hook on top of the hanger. Then, take another clothes hanger and hook it onto the other metal loop on the tab. As you go, you can see this immediately frees up space on the clothes rail, with your clothes hanging vertically as opposed to horizontally.You can repeat this process multiple times. It is recommended that you hang items in groups of three, which should triple your rail space without adding too much weight to the starting hanger.Watch the TikTok hack in full here: