Tesla Model 3 Hacked at Pwn2Own Contest, Exploit to Be Fixed
A team of IT specialists from cybersecurity company Synacktiv succeeded in hacking into a Tesla Model 3 at the PWN2OWN white hat hacking competition in Vancouver, Canada, on Friday — reports Forbes.
PWN2OWN is a biannual ethical hacking contest where contenders attempt to exploit widely used hardware and software through previously unknown vulnerabilities. Those who succeed are awarded a cash prize, and also get to keep the device they exploited.
The @Synacktiv team shows off their remote exploit of the #Tesla Model 3. Earlier today, this research earned them $75,000 during #Pwn2Own. pic.twitter.com/PZDCcJJvcE
— Zero Day Initiative (@thezdi) May 20, 2022
On day two of PWN2OWN, the Synacktiv group managed to remotely hack into the infotainment system of a Tesla Model 3 using two zero-day vulnerabilities and a previously known sandbox escape. While their hack wasn’t complex enough to win the Model 3 itself, it earned the team $75,000 USD in prize money.
Another group attempted to hack into a Tesla by exploiting its diagnostic ethernet and included root persistence, but they weren’t able to get the job done in the allotted time. Their exploit was still acquired by Trend Micro ZDI for an undisclosed amount and will be disclosed to Tesla for patching.
Tesla’s electric cars are far from invulnerable to remote hacks. Back in January, a German teenager revealed he had been able to hack into and gain “remote control” of 25+ Tesla cars in 13 countries. Tesla patched the API security flaw he exploited a couple of weeks later.