Tesla Exploited at Pwn2Own 2023, Hackers Win $100,000 and Model 3 [Update]

Sarah Lee-Jones
2 years ago

tesla pwn2own 2023

Back in January the Pwn2Own security conference announced Tesla would be a sponsor again for 2023. The conference offers cash prizes for white hat hackers to demonstrate live exploits, allowing companies such as Tesla to learn more about beefing up their software and hardware security.

This year saw the addition of the Steam VM Escape category with multiple targets, since gaming is now widely available on Model S and Model X.

On day one of Pwn2Own held in Vancouver, BC, Canada, the Synacktiv team successfully executed a TOCTOU attack against the Tesla Energy Gateway. The team won $100,000, along with 10 Master of Pwn points and also a Tesla Model 3. While the Zero Day Initiative announced Synacktiv won a Tesla Model 3, a video shows them posing beside a Tesla Model S (update: check below).

A TOCTOU (Time of Check to Time of Use) attack, also known as a race condition attack, is a type of cybersecurity vulnerability that occurs when a system’s state changes between the time a resource is checked (time of check) and the time the resource is used (time of use). This attack exploits the small time window between these two actions, allowing an attacker to gain unauthorized access or modify the resource during that brief period.

Hackers can win up to $600,000 for hacking a Tesla and win the car itself too. The Model 3 and Model S were on hand to be hacked. Last year a Model 3 was available as a target and it returns this year (Intel or Ryzen-based), while in 2023 a Model S is also available (Ryzen-based).

Last year, the Synacktiv team also exploited a Model 3 earning $75,000 as well at Pwn2Own, but the hack wasn’t complex enough to win the car.

Update March 24, 2023: Synacktiv clarified to Tesla North they did win a Model 3, but posed for a picture beside the Model S because it was there.

Other articles in the category: Model 3

Tesla Adds Water Shields to Improve Rear Camera Visibility

Tesla is making a practical upgrade to its Model 3 and Model Y vehicles by adding water shields to the rear cameras. This new feature, designed to keep the camera lens clear during rain, aims to improve visibility for drivers in wet conditions. Interestingly, this isn’t a completely new addition for Tesla’s lineup. According to […]
Sarah Lee-Jones
8 hours ago

New Tesla Model 3 Gets Acceleration Boost: Here’s What it Costs

Tesla has introduced an optional “Acceleration Boost” upgrade for its new Model 3 Long Range AWD (Highland), reducing the 0-100 km/h acceleration time from 4.4 seconds to 3.8 seconds. The upgrade is currently available in select regions, including Australia ($3000 AUD, about $1,948 USD), China, and Taiwan, with pricing varying by location. In China, the […]
Sarah Lee-Jones
1 day ago

Tesla Confirms Hardware 3 (HW3) Cars Can Become Robotaxis

In a recent interview with Tesla executives at the company’s “We, Robot” special event, YouTuber Kim Java received confirmation that Tesla’s Hardware 3 (HW3) vehicles, including older models such as the 2018 Model 3, will be fully equipped to support Robotaxi features. These exciting updates were provided by two of Tesla’s top executives, Lars Moravy, […]
Sarah Lee-Jones
1 month ago