Tesla was successfully hacked at the Pwn2Own conference and in the process, the hackers won $100,000 and the Model 3 that they managed to compromise.
Over the last few years, Tesla has been investing a lot in cybersecurity and working closely with whitehat hackers. The automaker has been participating in the Pwn2Own hacking competition by offering large prizes and its electric cars for hacking challengers.
Hacking vehicles, and Tesla vehicles in particular, has been a staple of the hacking conference for a few years now.
Zero Day Initiative, the organization running Pwn2Own, confirmed that this year was no exception and the Tesla Model 3 they brought was successfully hacked:
Synacktiv confirmed that they managed to gain root access to Tesla’s system and claimed to have been able to have “taken over” the whole car:
After having finished their exploit in a hotel room, @_p0ly_ and @vdehors successfully compromised the Tesla Model 3 infotainment through Bluetooth and elevated their privileges to root! Combined with the previous entry, this could have been a full chain to take over the car!
They shared this image of their Model 3 infotainment test rig:
Pwn2Own confirmed that it was a TOCTTOU exploit, which is described as:
Time-of-check-to-time-of-use (TOCTTOU – pronounced TOCK-too) is a file-based race condition that occurs when a resource is checked for a particular value, such as whether a file exists or not, and that value then changes before the resource is used, invalidating the results of the check.
The findings of these kinds of whitehat hacks are always shared with the companies in order to help make their products more secure.
As previously mentioned, Tesla has been investing heavily in cybersecurity.
We went into a lot of detail about Tesla’s cybersecurity effort in our report about “The Big Tesla Hack” when a hacker managed to get control over Tesla’s entire fleet.