Tesla cybersecurity hacked at the Pwn2Own event

Last updated: 2023/03/27 at 11:44 PM

EV-a2zm Published March 25, 2023 3 Min Read

3 Min Read

Toronto, Ontario Canada - August 23rd 2019 Photograph of a red Tesla model 3 indoor with reflections of a lot of light.

Tesla previously announced that it partnered once again with Zero Day Initiative to participate in its 2023 Pwn2Own hacking contest at the Sheraton Wall Center in Vancouver for the CanSecWest conference.

Contents

Prizes What is TOCTOU exploit?Pwn2Own hacking contest

The American EV giant funded the special event, offering extravagant prizes such as the famous Model 3 and Model Y, on top of the $600,000 grand prize.

Can you #hack a @Tesla? Top prize $600,000 (plus the car itself) #Pwn2Own competition in #Vancouver, #Canada Mar. 22-24 https://t.co/VOOH7IXLjF via Zero Day Initiative @thezdi pic.twitter.com/81quLKIY7r
— Steve Morgan (@CybersecuritySF) January 13, 2023

Now, the event organizer declared that a group of hackers from the offensive security company Synacktiv (@Synacktiv) successfully hacked Tesla Model 3’s cybersecurity at the Pwn2Own hacking event.

CONFIRMED! @Synacktiv successfully executed a TOCTOU exploit against Tesla – Gateway. They earn $100,000 as well as 10 Master of Pwn points and this Tesla Model 3. #Pwn2Own #P2OVancouver pic.twitter.com/W61NasJPAl
— Zero Day Initiative (@thezdi) March 22, 2023

Prizes

Synacktiv impressively employed a “TOCTOU” exploit on Tesla – Gateway.

In return, the hackers won $100,000, 10 Master of Pwn points, and a Tesla Model 3.

One of the main highlights from Day One of #Pwn2Own Vancouver 2023: @Synacktiv vs the Tesla Model 3. Their successful demonstration earned them $100,000 and the car itself pic.twitter.com/d7TY5mKHxK
— Zero Day Initiative (@thezdi) March 23, 2023

What is TOCTOU exploit?

The Zero Day Initiative ensured that the hackers’ complete specifics and procedures would not be made public to protect Tesla owners’ security.

Nonetheless, the exploit used to hack the Tesla vehicle appears rather simple.

After having finished their exploit in an hotel room, @_p0ly_ and @vdehors successfully compromised the Tesla Model 3 infotainment through bluetooth and elevated their privileges to root!
Combined with the previous entry, this could have been a full chain to take over the car! https://t.co/AEZERvO6Ko pic.twitter.com/6R1b72h0iz
— Synacktiv (@Synacktiv) March 23, 2023

As mentioned, the hackers used the TOCTOU (Time-Of-Check Time-Of-Use) exploit. This approach entails changing internal files to illicitly access the system.

Simply put, hackers are changing the files that a system will review to guarantee someone actually has access.

For instance, you might need to modify your login information to gain access. But, as the name implies, this is highly time-dependent because it makes use of the lag between when the system checks the files and when a user logs in.

Pwn2Own hacking contest

As we all know, Pwn2Own is among the biggest hacking contests worldwide. It urges teams of hackers to hack the most secured software on the market, including Tesla cars.

The contestants must hack a list of software and devices to win the prizes. The first team to finish the tasks will obtain a cash prize.

However, the team from Synactive won the Tesla Model 3 that they hacked as the first to finish the task.

See Also:

Indeed, the contest will benefit car technology as it can urge companies to focus more on cybersecurity.

TAGGED: Electric Vehicle, EV, Tesla, Tesla Model 3, USA

EV-a2zm March 27, 2023 March 27, 2023

Share This Article

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Tesla cybersecurity hacked at the Pwn2Own event

Prizes

What is TOCTOU exploit?

Pwn2Own hacking contest

Follow US

Popular News

Tesla leaks Magic Dock CCS adapter, hinting first Supercharger with CCS compatibility in Hawthorne

Top Menu

Resource

Prizes

What is TOCTOU exploit?

Pwn2Own hacking contest

You Might Also Like

Hyundai reveals battery suppliers of its EV models amid fire concerns

Uber boss casts doubt on Tesla’s Robotaxi vision

Tesla secures direct sales license in Kentucky

CATL launches showroom of EV models powered by its batteries in China

Tesla Semi to hit European roads

Follow US

Weekly Newsletter

Popular News

Tesla leaks Magic Dock CCS adapter, hinting first Supercharger with CCS compatibility in Hawthorne