Tesla Hacked Twice At Ethical Hacking Conference

Tesla was hacked twice at the Pwn2Own software exploitation conference, with the hackers winning $350,000 and the Model 3 that they hacked into.

As Electrek reports, the hack was part of Tesla's long-standing investment in cybersecurity, and Tesla vehicles have been a target at the Vancouver conference for a couple of years now.

In a tweet confirming the first hack, conference organizers Zero Day Initiative said “Synacktiv successfully executed a TOCTOU exploit against Tesla—Gateway. They earn $100,000 as well as 10 Master of Pwn points and this Tesla Model 3.”

Time-of-check-to-time-of-use (TOCTOU) exploits are described by Pwn2Own as a “file-based race condition that occurs when a resource is checked for a particular value, and that value changes before the resource is used, invalidating the results of the check.”
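The race in that definition, shown as an added C example (not code from Tesla, Synacktiv or Pwn2Own, and not a reproduction of the Gateway bug, whose details the article does not give). The file names, helper functions and the `window` callback that stands in for a concurrent change are all hypothetical; the first function checks a path and then uses it, the second opens once and checks the descriptor it will read.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static char g_checked[64], g_other[64];   /* constructed sample paths */

/* Creates the two constructed sample files in a fresh temp directory. */
int setup_files(void) {
    char dir[] = "/tmp/toctouXXXXXX";
    if (!mkdtemp(dir)) return -1;
    snprintf(g_checked, sizeof g_checked, "%s/checked", dir);
    snprintf(g_other, sizeof g_other, "%s/other", dir);
    FILE *a = fopen(g_checked, "w"), *b = fopen(g_other, "w");
    if (!a || !b) return -1;
    fputs("expected", a); fputs("unexpected", b);
    fclose(a); fclose(b);
    return 0;
}

/* Stand-in for the concurrent change: the checked name now points elsewhere. */
int swap_resource(void) { unlink(g_checked); return symlink(g_other, g_checked); }

static int read_fd(int fd, char *out, size_t n) {
    ssize_t r = read(fd, out, n - 1);
    close(fd);
    if (r < 0) return -1;
    out[r] = '\0';
    return 0;
}

/* Check-then-use by name: the check result is stale by the time of open(). */
int use_after_path_check(int (*window)(void), char *out, size_t n) {
    struct stat st;
    if (lstat(g_checked, &st) != 0 || !S_ISREG(st.st_mode)) return -1; /* check */
    if (window) window();                   /* resource changes in the gap */
    int fd = open(g_checked, O_RDONLY);     /* use: the path is resolved again */
    return fd < 0 ? -1 : read_fd(fd, out, n);
}

/* Hardened: open once, then check the descriptor that will be read. */
int use_after_fd_check(int (*window)(void), char *out, size_t n) {
    struct stat st;
    int fd = open(g_checked, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;                  /* a symlink is refused here */
    if (window) window();                   /* same change, now harmless */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    return read_fd(fd, out, n);
}
```

With the same change injected, the path-based version returns the contents of the other file even though its check passed, while the descriptor-based version reads the file it checked or refuses to open at all.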

The organizers were looking for exploits targeting Tesla’s Tuner, Wi-Fi, Bluetooth, or Modem components.

The second hack saw Synacktiv, a French offensive security company, gain root access to Tesla’s system and compromise the Tesla Model 3 infotainment system through Bluetooth. In that attack, Synacktiv used a heap overflow and an out-of-bounds (OOB) write vulnerability to gain access to the infotainment system.

The security company successfully completed the most hacking attempts at the conference, managing to secure 53 Master of Pwn points and a total prize pot of $530,000 in the process.

Tesla’s security response team was on site to validate the findings and the automaker is expected to issue over-the-air fixes to patch the flaws, SecurityWeek reports.

Tesla is one of many companies that use white hat hacks (exploits undertaken with the consent of the owner) in order to identify security flaws and bolster their systems’ protection against outside hacks.

In 2017, a white hat hacker managed to gain access to Tesla’s car database. The move meant he was able to get information about any car in Tesla’s fleet and even send them commands.