Tesla Hacked Twice by Researchers at Pwn2Own Hackathon

Published on: March 28, 2023
Last Updated: March 28, 2023

A Tesla Model 3 and a cash prize of $100,000 have been awarded to a hacking group that successfully breached Tesla’s security during the Pwn2Own hacking event.

During the Pwn2Own hacking contest in Vancouver, researchers from the French pen-testing company Synacktiv successfully demonstrated two distinct exploits against the Tesla Model 3.

These attacks granted them extensive access to subsystems that control the car’s safety and other vital components.

One of the exploits was a time-of-check-to-time-of-use (TOCTOU) attack on Tesla’s Gateway energy management system, which allowed them to, among other things, open the front trunk or door of a moving Tesla Model 3.

In under two minutes, the researchers were able to execute the attack and were awarded a brand new Tesla Model 3, along with a cash prize of $100,000.

The Tesla vulnerabilities were among the 22 zero-day vulnerabilities uncovered by researchers from 10 countries during the first two days of the three-day Pwn2Own contest this week.

During the second day of the Vancouver-based hackathon, Synacktiv’s researchers devised an exploit chain combining a heap overflow and an out-of-bounds (OOB) write vulnerability to access the Tesla Infotainment system.

This hack earned the Synacktiv team a substantial cash prize of $250,000.

As a co-sponsor of Pwn2Own, Tesla leveraged the annual competition to uncover intricate exploit chains that could result in total compromise of the vehicle’s security.

However, it wasn’t the only Big Tech name to have its security barriers willfully tested against the best hackers in town.

As Forbes reported, “Over the course of just this one day, 22 March, Apple macOS, Microsoft Windows 11, Microsoft SharePoint, Ubuntu Desktop, Tesla Gateway, Adobe Reader, and Oracle VirtualBox all fell at the hands of these elite hackers.”

Apart from the Tesla Gateway exploit, Synacktiv also hacked Apple’s macOS using the same type of attack, TOCTOU.

The STAR Labs team successfully executed a chained exploit against Microsoft SharePoint and another exploit, which utilized a previously known vulnerability against Ubuntu Desktop, earning them a total prize of $115,000.

AbdulAziz Hariri from Haboob SA employed an impressive six-vulnerability chain exploit to escape the Adobe sandbox and hacked Adobe Reader, resulting in a prize of $50,000.

Meanwhile, Marcin Wiazowski executed an elevation of privileges attack against Windows 11 and took home $30,000.

Written by Husain Parvez

Husain has been around the internet ever since the dial-up days and loves writing about everything across the technosphere. He loves reviewing tech, writing about VPNs, and covering Cybersecurity news.