Tesla previously announced that it partnered once again with Zero Day Initiative to participate in its 2023 Pwn2Own hacking contest at the Sheraton Wall Center in Vancouver for the CanSecWest conference.
The American EV giant funded the special event, offering extravagant prizes such as the famous Model 3 and Model Y, on top of the $600,000 grand prize.
Now, the event organizer declared that a group of hackers from the offensive security company Synacktiv (@Synacktiv) successfully hacked Tesla Model 3’s cybersecurity at the Pwn2Own hacking event.
Prizes
Synacktiv impressively employed a “TOCTOU” exploit on Tesla – Gateway.
In return, the hackers won $100,000, 10 Master of Pwn points, and a Tesla Model 3.
What is TOCTOU exploit?
The Zero Day Initiative ensured that the hackers’ complete specifics and procedures would not be made public to protect Tesla owners’ security.
Nonetheless, the exploit used to hack the Tesla vehicle appears rather simple.
As mentioned, the hackers used the TOCTOU (Time-Of-Check Time-Of-Use) exploit. This approach entails changing internal files to illicitly access the system.
Simply put, hackers are changing the files that a system will review to guarantee someone actually has access.
For instance, you might need to modify your login information to gain access. But, as the name implies, this is highly time-dependent because it makes use of the lag between when the system checks the files and when a user logs in.
Pwn2Own hacking contest
As we all know, Pwn2Own is among the biggest hacking contests worldwide. It urges teams of hackers to hack the most secured software on the market, including Tesla cars.
The contestants must hack a list of software and devices to win the prizes. The first team to finish the tasks will obtain a cash prize.
However, the team from Synactive won the Tesla Model 3 that they hacked as the first to finish the task.
See Also:
- Tesla urges people to hack its EVs for $600,000 Pwn2Own prize
- Federal officials examine path forward for EV cyber security
- 2023 Tesla Model 3 – Review, Pricing, and Specifications
- Tesla Model 3 & Y qualify for California’s USD2,000 rebate
- Tesla Model 3 was the Best-Selling EV Across Canada’s Provinces
Indeed, the contest will benefit car technology as it can urge companies to focus more on cybersecurity.
