Tesla was hacked twice at the Pwn2Own software exploitation conference, with the hackers winning $350,000 and the Model 3 that they hacked into.
As Electrek reports, the hack was part of a long-standing attempt by Tesla to invest in cybersecurity, and Tesla vehicles have been hacked at the Vancouver conference for a couple of years now.
In a tweet confirming the first hack, conference organizers Zero Day Initiative said “Synacktiv successfully executed a TOCTOU exploit against Tesla—Gateway. They earn $100,000 as well as 10 Master of Pwn points and this Tesla Model 3.”
Time-of-check-to-time-of-use (TOCTOU) exploits are described by Pwn2Own as a “file-based race condition that occurs when a resource is checked for a particular value, and that value changes before the resource is used, invalidating the results of the check.”
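The pattern in that definition, and the usual fix, shown as an added example that is not from the article or from the Pwn2Own entry: a constructed digest check on a file, where `package.bin`, the function names and the `window` hook (which stands in for the race) are all assumptions made for illustration.

```python
import hashlib
import os
import stat
import tempfile


def _write(path, data):
    with open(path, "wb") as f:
        f.write(data)


def load_racy(path, expected_sha256, window=lambda: None):
    """Check by path, then use by path: two independent lookups."""
    with open(path, "rb") as f:                      # time of check
        if hashlib.sha256(f.read()).hexdigest() != expected_sha256:
            raise ValueError("digest mismatch")
    window()                                         # the file can change here
    with open(path, "rb") as f:                      # time of use
        return f.read()


def load_safe(path, expected_sha256, window=lambda: None):
    """Open once, then check exactly the bytes that will be used."""
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    with os.fdopen(fd, "rb") as f:
        if not stat.S_ISREG(os.fstat(f.fileno()).st_mode):
            raise ValueError("not a regular file")
        window()                                     # a swap no longer matters
        data = f.read()
    if hashlib.sha256(data).hexdigest() != expected_sha256:
        raise ValueError("digest mismatch")
    return data


def demo():
    """Constructed scenario: the file is replaced between check and use."""
    good, other = b"approved contents", b"swapped contents"
    expected = hashlib.sha256(good).hexdigest()
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "package.bin")        # hypothetical file name
        tmp = os.path.join(d, "other.bin")
        def swap():                                  # stands in for the race
            _write(tmp, other)
            os.replace(tmp, path)
        _write(path, good)
        racy = load_racy(path, expected, swap)
        _write(path, good)
        safe = load_safe(path, expected, swap)
    return racy, safe
```

`demo()` returns the swapped bytes from the racy loader even though its check passed, and the approved bytes from the safe loader, because the check and the use share one open file descriptor and one buffer.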
The organizers were looking for exploits targeting Tesla’s Tuner, Wi-Fi, Bluetooth, or Modem components.
The second hack saw Synacktiv, a French offensive security company, manage to gain root access to Tesla’s system and compromise the Tesla Model 3 infotainment system through Bluetooth technology. In the hacking operation, Synacktiv used a heap overflow and an out-of-bounds (OOB) write vulnerability to gain access to the infotainment system.
The security company successfully completed the most hacking attempts at the conference, managing to secure 53 Master of Pwn points and a total prize pot of $530,000 in the process.
Tesla’s security response team was on site to validate the findings and the automaker is expected to issue over-the-air fixes to patch the flaws, SecurityWeek reports.
Tesla is one of